471f3c9b6d781395324996df752f166c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

471f3c9b6d781395324996df752f166c_JaffaCakes118
Size

746KB
MD5

471f3c9b6d781395324996df752f166c
SHA1

256d0dc4768f621d1489e87eb324f8696c064090
SHA256

1bb9edcbaa205efa549fb3303de9eb89057dc4048ae2c71fded11bee8d321e44
SHA512

81e0349145d5e8bafee44545f250944995daede9a92d6d822df2ccb58321a54bcb00c30783dd922ddce4a28e2e4ad8c206eec95e5d5900c634054cc12292dd10
SSDEEP

6144:eT5PDxHCelNAjTUZGvGhRz3HLGOuDxawfnVQ9/q8thKb4t:eT5BlNAfUkGhRz3rGOmxPQhtn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
471f3c9b6d781395324996df752f166c_JaffaCakes118

Files

471f3c9b6d781395324996df752f166c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bb2879cd10bf7d5586e53356d3d0b479

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

KeSetEvent
KeReleaseMutex
KeInitializeEvent
KeClearEvent
KeInitializeMutex
ZwClose
ZwCreateKey
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoRegisterShutdownNotification
ObReferenceObjectByHandle
ExAllocatePoolWithTag
ExFreePoolWithTag
PsCreateSystemThread
KeDelayExecutionThread
PsGetVersion
MmGetSystemRoutineAddress
_wcsnicmp
MmSystemRangeStart
IoGetInitialStack
ObOpenObjectByName
ZwQuerySystemInformation
ZwFreeVirtualMemory
KeInsertQueueApc
KeInitializeApc
IoIsSystemThread
PsLookupThreadByThreadId
MmUserProbeAddress
ZwQueryInformationProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateEvent
KeQueryInterruptTime
ZwWriteFile
KeGetCurrentThread
MmMapLockedPagesSpecifyCache
ExFreePool

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pak0
Size: - Virtual size: 994B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pak1
Size: - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pak2
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb2879cd10bf7d5586e53356d3d0b479

Headers

File Characteristics

Imports

Sections

.text Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 980B

.data Size: - Virtual size: 984B

INIT Size: - Virtual size: 1KB

.pak0 Size: - Virtual size: 994B

.pak1 Size: - Virtual size: 389KB

.pak2 Size: 420KB - Virtual size: 419KB

.reloc Size: 325KB - Virtual size: 324KB

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 980B

.data
Size: - Virtual size: 984B

INIT
Size: - Virtual size: 1KB

.pak0
Size: - Virtual size: 994B

.pak1
Size: - Virtual size: 389KB

.pak2
Size: 420KB - Virtual size: 419KB

.reloc
Size: 325KB - Virtual size: 324KB