624780e3e66322a202ff5ebd8904e481_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

624780e3e66322a202ff5ebd8904e481_JaffaCakes118
Size

32KB
MD5

624780e3e66322a202ff5ebd8904e481
SHA1

13448091fc1197f7484efbbe1741d0920bb1682e
SHA256

4b10384dc4f4a9f8ae5596e5d162139441f581c108b5d1085a22e946add7860f
SHA512

cb6d12234b5084a59cb45991572eceef30e8a9bfa9e872a2a9382fb486f8e95c48fe3282cec1078f7350a6428bd7f4edd34b4861df7eedf71dee6b3b2de06d29
SSDEEP

768:fSF6n93/XyBNoHhIIE93c1l4BIZoydOYQ2Asjb1tDfS:O6ZiBNoHhtEY4aVHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
624780e3e66322a202ff5ebd8904e481_JaffaCakes118

Files

624780e3e66322a202ff5ebd8904e481_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwFsControlFile
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwFlushVirtualMemory@4
__ZwOpenProcessTokenEx@4
__ZwSetEvent@8

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 347B

.rdata Size: 1024B - Virtual size: 588B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 149B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 364B

.text
Size: 5KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 347B

.rdata
Size: 1024B - Virtual size: 588B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 149B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 364B