6721d0d028d0925461a940fa1a02e4db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6721d0d028d0925461a940fa1a02e4db_JaffaCakes118
Size

32KB
MD5

6721d0d028d0925461a940fa1a02e4db
SHA1

6acb2af1c918f25723fc3ec230ee6b5d01a2f724
SHA256

ea876900949980718bae797a513d9eb5933233f477d15b4acc95e39cea9e2e16
SHA512

3e601e7373636096bbb42221ead8bfce6009e65dddefd1550685ee1848bb2bb695c3f921d3f074fed6ee25a6ef8b013c0440abb345b354822f8ddf4de95cedaa
SSDEEP

768:bt6nD0kmZLc4/zHY/ZfNshsFWeLaKBHbhZ/X3AQqiDfV:x66L7/+lGK+QqO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6721d0d028d0925461a940fa1a02e4db_JaffaCakes118

Files

6721d0d028d0925461a940fa1a02e4db_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fe6a7677c4978706bfab494d22516f34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
wcsncat
ZwSetVolumeInformationFile
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
_wcsupr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
RtlCreateRegistryKey
MmUnmapViewInSessionSpace

Exports

Exports

__ZwDuplicateObject@8
__ZwFsControlFile@4
__ZwOpenDirectoryObject@4

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe6a7677c4978706bfab494d22516f34

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 347B

.rdata Size: 1024B - Virtual size: 592B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 152B

INIT Size: 1024B - Virtual size: 864B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 4KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 347B

.rdata
Size: 1024B - Virtual size: 592B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 152B

INIT
Size: 1024B - Virtual size: 864B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 316B