646f19789b85dede4adf438a51a50caa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

646f19789b85dede4adf438a51a50caa_JaffaCakes118
Size

129KB
MD5

646f19789b85dede4adf438a51a50caa
SHA1

c106de3e633669ab6b7f7606fe49fbb087043f41
SHA256

265b6f1adf9b879c8a2e6bcbdd1b90dff6a785c22e235822f6bf71a4d53198c2
SHA512

1b1eb2fe3dccc0ad9a7174aa1ef5578283cf1a779564c7ec8b6890d8e7874e9db85dcc9d59de52ed788ee672077bcbee78359f17247d853c4532bd3586b3cf79
SSDEEP

3072:p+l/PBXF7o1w9E3eP3xBCdSgw49p0Zl4zKa+NrNh7we1qSfOsMj:p+l/PBXF7o1N3yCfw4ynaqPmSfO3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
646f19789b85dede4adf438a51a50caa_JaffaCakes118

Files

646f19789b85dede4adf438a51a50caa_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d3daf2245dcd370775e5c6428fc0e118

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

smss.pdb

Imports

ntdll

NtTerminateProcess
NtRaiseHardError
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeUnicodeString
DbgPrintEx
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtOpenFile
NtClose
wcslen
wcscpy
NtQueryInformationProcess
NtCreatePagingFile
NtSetInformationFile
NtQueryInformationFile
DbgPrint
NtQuerySystemInformation
_allmul
NtSetSecurityObject
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
NtQueryValueKey
swprintf
NtOpenKey
NtSetValueKey
NtCreateKey
NtCreateFile
NtReadFile
_chkstk
wcsstr
_wcsupr
NtMakeTemporaryObject
NtCreateSymbolicLinkObject
NtOpenDirectoryObject
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
NtCreateSection
LdrVerifyImageMatchesChecksum
NtCreateDirectoryObject
RtlSetEnvironmentVariable
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlCompareUnicodeString
RtlEqualString
memmove
_wcsicmp
RtlCreateUnicodeString
RtlDosSearchPath_U
RtlQueryEnvironmentVariable_U
RtlEqualUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtResumeThread
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlLockBootStatusData
NtDisplayString
sprintf
NtDuplicateObject
RtlLengthSid
RtlGetAce
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtRequestWaitReplyPort
RtlFindMessage
NtSetEvent
NtSetSystemInformation
NtCreateEvent
RtlLeaveCriticalSection
RtlEnterCriticalSection
wcscat
LdrQueryImageFileExecutionOptions
NtDelayExecution
NtInitializeRegistry
RtlQueryRegistryValues
NtDeleteValueKey
RtlCreateEnvironment
RtlCreateUserThread
NtCreatePort
RtlInitializeCriticalSection
NtSetInformationProcess
RtlCreateTagHeap
NtSetInformationThread
NtQueryInformationToken
NtOpenThreadToken
NtImpersonateClientOfPort
NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtOpenProcess
NtReplyWaitReceivePort
RtlExitUserThread
NtReplyPort
RtlSetThreadIsCritical
NtWaitForMultipleObjects
RtlSetProcessIsCritical
RtlUnicodeStringToAnsiString
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlNormalizeProcessParams

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3daf2245dcd370775e5c6428fc0e118

Headers

File Characteristics

PDB Paths

Imports

ntdll

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 83KB - Virtual size: 84KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 83KB - Virtual size: 84KB