5bf8ccbebf94fc944fa04b014d128d7c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5bf8ccbebf94fc944fa04b014d128d7c_JaffaCakes118
Size

32KB
MD5

5bf8ccbebf94fc944fa04b014d128d7c
SHA1

5a7c42d0b000b890fe6d3b8e695d64b83da9f6b2
SHA256

53368117089b0bb24a5bb4e201628eb63578214f3e7ca4e255bd5c9986688471
SHA512

79c93a4be1ef18f999505cb30b79c8def91e9f4a205bad1a7bf615d0b6320f5b2b1b0536d9cace6a44f0094e176175153b2e111aa7cc322d17a4a91e26263498
SSDEEP

768:kqB6GEeh9OMWfKZxj43VF8Ptg8cELWjF36WQrKWukKgy+Df:R6GEWOd4xjmVFejZ3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf8ccbebf94fc944fa04b014d128d7c_JaffaCakes118

Files

5bf8ccbebf94fc944fa04b014d128d7c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f263e69db3f4fa3419398ede2a03a0cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAllocateMappingAddress
MmProbeAndLockProcessPages
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwFsControlFile
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwFlushVirtualMemory@4
__ZwOpenThreadTokenEx@4
__ZwSetEvent@8

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 349B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f263e69db3f4fa3419398ede2a03a0cb

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 349B

.rdata Size: 1024B - Virtual size: 600B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 148B

INIT Size: 1024B - Virtual size: 890B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 364B

.text
Size: 5KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 349B

.rdata
Size: 1024B - Virtual size: 600B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 148B

INIT
Size: 1024B - Virtual size: 890B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 364B