5ca3972fdfb6b8f1169d3a0f85f04af0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ca3972fdfb6b8f1169d3a0f85f04af0_JaffaCakes118
Size

52KB
MD5

5ca3972fdfb6b8f1169d3a0f85f04af0
SHA1

824a80a15b8be31aa424912fe13bd08b3b38db67
SHA256

ff94aad998afe8c09773c90f0dc818be7d3ee353b3281dea7a90d84a51cf1e8f
SHA512

dbc59b76007152c749f0310ee4a4cc6f2f66770e0b2856c6b11b5a75411b2c0c95dbdc79ef3eb0c9efbf013b409259244cc06c82b00e8d21a61c96a74a527047
SSDEEP

1536:OSx0d6FojFriSFhfcDY8yuVRK0+cehMR+HHHS6e:OSmQS/kD+0+Kp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca3972fdfb6b8f1169d3a0f85f04af0_JaffaCakes118

Files

5ca3972fdfb6b8f1169d3a0f85f04af0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6bfc72a20340d958736180d604f84fde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlRandom
strstr
strrchr
strchr
_snprintf
strncpy
ZwClose
RtlCreateRegistryKey
ExFreePoolWithTag
RtlImageNtHeader
ZwCreateKey
ZwSetSecurityObject
_snwprintf
RtlWriteRegistryValue
ObReferenceObjectByName
IoDriverObjectType
ObfDereferenceObject
RtlEqualUnicodeString
ZwAllocateVirtualMemory
KeGetCurrentThread
KeDelayExecutionThread
IoGetCurrentProcess
FsRtlIsNameInExpression
wcsrchr
MmMapLockedPagesSpecifyCache
sprintf
IoCancelFileOpen
IoGetStackLimits
MmHighestUserAddress
ZwOpenFile
ObReferenceObjectByHandle
swprintf
ZwOpenDirectoryObject
ExAllocatePool
ZwQueryDirectoryObject
_wcsnicmp
IofCompleteRequest
IofCallDriver
ZwEnumerateKey
ZwFlushInstructionCache
ZwQueryObject
RtlCompareMemory
PsLookupProcessByProcessId
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupThreadByThreadId
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
wcsstr
ObfReferenceObject
ObMakeTemporaryObject
PsSetLoadImageNotifyRoutine
ExQueueWorkItem
_wcsicmp
IoQueryFileInformation
_stricmp
ZwDeleteKey
ZwQueryInformationProcess
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
IoAllocateMdl
MmProbeAndLockPages
MmUnmapLockedPages
MmUnlockPages
IoFreeMdl
KeInitializeApc
KeInsertQueueApc
KeServiceDescriptorTable
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwCreateFile
RtlFreeUnicodeString
ZwWriteFile
ZwQueryInformationFile
ZwReadFile
ZwSetInformationFile
memcpy
memset

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfc72a20340d958736180d604f84fde

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 32KB - Virtual size: 48KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 32KB - Virtual size: 48KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 1KB - Virtual size: 1KB