5b5582ece7cc3abc7c006b88120fc54a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b5582ece7cc3abc7c006b88120fc54a_JaffaCakes118
Size

26KB
MD5

5b5582ece7cc3abc7c006b88120fc54a
SHA1

0fc49694836807985352aa109df46e2c410f10ce
SHA256

50252f83369a5df25f480e058b5e21184e924c1b7ef0f08f01d37784ae588273
SHA512

3769f88d3054f1407b67e6cf6fa8992760c33fe92952ae9e1063c5dd5afd7facb7617de50766a7e2aee51e9a094e48f6eed3117abadc2dcd92fdd37fe20121cf
SSDEEP

384:CJ2Goj3D4XF2t9Da/jdGWvGuqe2qmFuotjgMslVFiD6V:u2bAXCgGruF2qYs66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b5582ece7cc3abc7c006b88120fc54a_JaffaCakes118

Files

5b5582ece7cc3abc7c006b88120fc54a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ae5b8189a5cb559098d8c78d5e3389eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ruanen~1\dbkker~1\objfre_wxp_x86\i386\sistema32.pdb

Imports

ntoskrnl.exe

KeInitializeApc
KeGetCurrentThread
ExAllocatePoolWithTag
ZwOpenProcess
IofCompleteRequest
ZwAllocateVirtualMemory
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQuerySystemInformation
PsSetLoadImageNotifyRoutine
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
KeDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
ZwOpenThread
ObOpenObjectByPointer
MmGetSystemRoutineAddress
RtlInitUnicodeString
KeInsertQueueApc
_except_handler3
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeSpinLock
KeClearEvent
IoCreateNotificationEvent
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ZwOpenKey
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlFreeAnsiString
RtlUpperString
RtlUnicodeStringToAnsiString
_local_unwind2
PsLookupThreadByThreadId
KeSetEvent
KeWaitForSingleObject
KeReleaseSemaphore
KeTickCount
KeBugCheckEx
KeDelayExecutionThread
ExFreePoolWithTag
PsLookupProcessByProcessId
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae5b8189a5cb559098d8c78d5e3389eb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 896B - Virtual size: 772B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 896B - Virtual size: 772B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB