3f7ddaa706b03f0e596912b3f484b5c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f7ddaa706b03f0e596912b3f484b5c5_JaffaCakes118
Size

56KB
MD5

3f7ddaa706b03f0e596912b3f484b5c5
SHA1

22d3de087431dd5981851ea430db8ee68312099b
SHA256

cb709125f58bdc68f28b6dce50511f5fabb528d9737a523ef6f4195e111c397a
SHA512

375024922a4a0f365c6efe99e3728b85ed96e0f54657307bba7f2877efc0ad792a447e04a5ddb60af7fde28832742ef9e8982e8e51ce8006ebb7226333840538
SSDEEP

768:fz7fgGBti3npzXVTLxu8vK21/54qN1oy7VXZ4vBGxf5FoToxeIB8pmFXikt+Tl9M:f9tajLxFS8/54ghXbgI8p8ikt+nwBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f7ddaa706b03f0e596912b3f484b5c5_JaffaCakes118

Files

3f7ddaa706b03f0e596912b3f484b5c5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

591d369dc440c84b750dfc5161fffb44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwEnumerateKey
_stricmp
ZwCreateEvent
IoDeleteSymbolicLink
memmove
strncmp
RtlAnsiStringToUnicodeString
InterlockedIncrement
InterlockedDecrement
NtBuildNumber
InterlockedCompareExchange
strstr
IoDeleteDevice
KeSetEvent
swprintf
strchr
KeInitializeEvent
RtlInitAnsiString
atoi
ZwQuerySystemInformation
RtlFreeUnicodeString
PsCreateSystemThread
ZwDeleteKey
InterlockedExchange
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
KeTickCount
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
atol
KeInitializeMutex
KeSetPriorityThread
KeReleaseMutex
KeGetCurrentThread
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
ZwQueryInformationProcess
ZwQueryVolumeInformationFile
RtlAppendUnicodeStringToString
memset
RtlAppendUnicodeToString
strlen
sprintf
ZwOpenKey
ZwWriteFile
ZwQueryInformationFile
ZwOpenFile
KeServiceDescriptorTable
RtlCompareUnicodeString
ZwDeleteFile
ZwClose
ZwQueryDirectoryFile
ZwQueryValueKey
ZwCreateFile
ZwSetInformationFile
ZwSetValueKey
RtlInitUnicodeString
ZwReadFile
ExFreePool
RtlCompareMemory
KeQuerySystemTime
ExAllocatePoolWithTag
PsTerminateSystemThread
memcpy
_except_handler3

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisAllocateBuffer
NdisDprAllocatePacket
NdisFreeSpinLock
NdisQueryBufferOffset
NdisFreeBufferPool
NdisAllocateSpinLock
NdisDprFreePacket
NdisAllocateBufferPool
NdisAcquireSpinLock
NDIS_BUFFER_TO_SPAN_PAGES
NdisAllocatePacketPoolEx
NdisReleaseSpinLock
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisFreePacketPool
NdisMSleep
NdisGetFirstBufferFromPacket
NdisAllocatePacket
NdisDprAcquireSpinLock
NdisFreePacket
NdisDprReleaseSpinLock
NdisQueryBuffer
NdisOpenAdapter
NdisCloseAdapter

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

591d369dc440c84b750dfc5161fffb44

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 37KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 677B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 37KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 677B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB