67c706d05a0cb70ee67fbeeefa1efa63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67c706d05a0cb70ee67fbeeefa1efa63_JaffaCakes118
Size

32KB
MD5

67c706d05a0cb70ee67fbeeefa1efa63
SHA1

53d5442504dfb2e91c66c7af4eb4a47aebc1c9ee
SHA256

bb5a26c1ba8c7b8797c02ea4a8f5a061da48fc4f03b7618cb5d2cb08cd6ce548
SHA512

a5d21dca18c981dd43066343bb624a313408d02470b900dd19cc740d43ecafc9e5e57704d02f0ef1f062b9054e49ea439bb72573696f0a6c5789f5266aee9834
SSDEEP

768:uQU6n9kv1rKL+ps4Hk66374szDUOD+CftYLizDf:Y6GQKHkss/URq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67c706d05a0cb70ee67fbeeefa1efa63_JaffaCakes118

Files

67c706d05a0cb70ee67fbeeefa1efa63_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwFsControlFile
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwAllocateVirtualMemory@4
__ZwFreeVirtualMemory@8
__ZwWaitForSingleObject@4

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 347B

.rdata Size: 1024B - Virtual size: 580B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 162B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 362B

.text
Size: 5KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 347B

.rdata
Size: 1024B - Virtual size: 580B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 162B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 362B