41d32944cfe7c94a3df87c497491c0af_JaffaCakes118

General

Target

41d32944cfe7c94a3df87c497491c0af_JaffaCakes118
Size

70KB
MD5

41d32944cfe7c94a3df87c497491c0af
SHA1

f99aceecbf4abc0962a1165062e3423767c5306c
SHA256

031f02a416c7f181afbf5416da3aafe90b7d6ce7de17902f5af4fdf794f22747
SHA512

97491fd02a81709c5cd8a80a4a24a6e72b30fef62076baa8a8d7e4af18b09fbf398a6ef1c7860b6e458545ec83ca4ec363d55db1323840662bec08ac67425fc5
SSDEEP

1536:KNNlhW0b184QbyVzbdBFrcj85n52tJRc+B9as4dizYmqtZ8GFq:KHlk6184VzbRcjb352ttZ5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41d32944cfe7c94a3df87c497491c0af_JaffaCakes118

Files

41d32944cfe7c94a3df87c497491c0af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ce7f62606b28518e34ca18049a3009cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

NtSetSecurityObject
KeSetEvent
PsCreateSystemThread
ExAllocatePool
RtlCreateSecurityDescriptor
MmAllocateContiguousMemorySpecifyCache
KeSynchronizeExecution
KeReleaseSemaphore
wcscspn
IoQueryVolumeInformation
ObCreateObject
IoInitializeTimer
RtlImageNtHeader
memcpy
NtSetInformationProcess
IoAllocateIrp
RtlInitializeGenericTable
SePublicDefaultDacl
PsLookupThreadByThreadId
ExFreePool

hal

HalMakeBeep
KeFlushWriteBuffer
KfLowerIrql
HalAllocateAdapterChannel
HalReadDmaCounter
HalAssignSlotResources
KeTryToAcquireQueuedSpinLock
WRITE_PORT_ULONG
WRITE_PORT_USHORT
HalGetBusDataByOffset
HalSetBusData
HalGetBusData
IoFlushAdapterBuffers
HalBeginSystemInterrupt
READ_PORT_USHORT
HalStartNextProcessor
HalGetAdapter
IoFreeAdapterChannel

Exports

Exports

BrguktkMrrl
EysVnhqSyhrwrhVjxlFg
Kccoj
LyqfBgmp
QegRmdcdMyv

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce7f62606b28518e34ca18049a3009cc

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 61KB - Virtual size: 145KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 61KB - Virtual size: 145KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B