7381aa7be450689a63909b9e847ad280_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7381aa7be450689a63909b9e847ad280_JaffaCakes118
Size

850KB
MD5

7381aa7be450689a63909b9e847ad280
SHA1

5c877eb4ca74e57a37c165037cc709af1dc0bb29
SHA256

747a7485112e1a7d1e74c2d29d00130f6432b280a9a0ef4f6a08a9e9735814a7
SHA512

b84e06286ada5d143f41c5f48a4ef4a652a3d2e2aca3d4996b6204f00419d00256de1a6c28d0b5e8f751ab08c2a0683ae93840f7998c2018bae632de87b25cab
SSDEEP

12288:i3gabUlHWTQp3BoVP8w8QbtIOBK3sItlr+S4wFIvtfafpj+poldgFqeStpxgpZpV:iRb+HWEp3cP8wvbt/BYtlrIaIQVwIY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7381aa7be450689a63909b9e847ad280_JaffaCakes118

Files

7381aa7be450689a63909b9e847ad280_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fe7a0860efbbcd58502a36a21c3048bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ati3d1ag.pdb

Imports

win32k.sys

EngDeleteEvent
EngWaitForSingleObject
EngCreateEvent
EngSetEvent
EngAllocMem
EngFreeMem
EngAllocUserMem
EngFreeUserMem
EngDeviceIoControl
EngMultiByteToUnicodeN
EngUnmapFile
EngMapFile
EngDeleteFile
EngQueryPerformanceCounter
EngQueryPerformanceFrequency
EngQueryLocalTime
RtlUnwind
RtlUnicodeToMultiByteN
RtlRaiseException

Exports

Exports

VPEAccessCallback
bD3dHslSetDriverCallsEx
bDD4DISPEnableDD
bDD4DISPInitDD
bDdHslQueryCIInfo
bDdHslQueryRegistryValue
bDdHslSharedMemFree
bDdHslVideoMemoryFree
dDdHslEscape
pDD4DISPDeriveSurface
pDdHslQueryDeviceObject
pDdHslSharedMemCalloc
vD3dHslSetDriverCalls
vDD4DISPDisableDD
vDD4DISPExitDD
vDD4DISPHandlePanCallback
vDD4DISPSetDDCallBacks
vDVDHSLUpdatePDEV
vDdHslVideoMemoryAlloc

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 640B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe7a0860efbbcd58502a36a21c3048bc

Headers

File Characteristics

PDB Paths

Imports

win32k.sys

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.text2 Size: 255KB - Virtual size: 255KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 49KB - Virtual size: 49KB

.edata Size: 640B - Virtual size: 625B

INIT Size: 512B - Virtual size: 506B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 520KB - Virtual size: 520KB

.text2
Size: 255KB - Virtual size: 255KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 49KB - Virtual size: 49KB

.edata
Size: 640B - Virtual size: 625B

INIT
Size: 512B - Virtual size: 506B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB