75a942d774c6471340549bf3d9b16bbf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75a942d774c6471340549bf3d9b16bbf_JaffaCakes118
Size

56KB
MD5

75a942d774c6471340549bf3d9b16bbf
SHA1

655076cb2258f69931d0b864ed46f6f6ae93c9f5
SHA256

f48ae1b64009da9653581ed99118b09b3d665343929667c26f6abcf579f5d214
SHA512

d6272abf130f44fbee088fb857b4c2e4d519df31920af1771f3af07660735e905a76e67245ba5060dcf3af7ed4ec6a4175538a55f32b1a221a931d3f05820864
SSDEEP

768:E+oYa2Jnnt/J/9OzoHkRoOUJoSzfFTEHv0F0zj9FzK2HKSedVJd3vT:ZoY5nt1kEHkRE/fFssan9dqvdrxvT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75a942d774c6471340549bf3d9b16bbf_JaffaCakes118

Files

75a942d774c6471340549bf3d9b16bbf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strlen
strchr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
NtBuildNumber
InterlockedCompareExchange
KeSetEvent
_stricmp
ZwQuerySystemInformation
IofCompleteRequest
InterlockedIncrement
RtlUnicodeStringToInteger
ObfDereferenceObject
InterlockedDecrement
RtlFreeUnicodeString
PsTerminateSystemThread
KeWaitForSingleObject
swprintf
strstr
strncmp
sprintf
memmove
KeInitializeEvent
atol
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwCreateEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseMutex
KeReleaseSemaphore
_except_handler3
KeReadStateSemaphore
KeSetPriorityThread
KeGetCurrentThread
KeInitializeMutex
KeInitializeSpinLock
ZwQueryVolumeInformationFile
ZwQueryInformationProcess
memset
ZwEnumerateKey
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenKey
KeServiceDescriptorTable
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
RtlCompareMemory
ExAllocatePoolWithTag
memcpy
atoi
KeQuerySystemTime

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreeSpinLock
NdisDprAllocatePacket
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMSleep
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBufferPool
NdisQueryBuffer
NdisFreeBuffer
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisAllocateSpinLock
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisCloseAdapter
NdisGetFirstBufferFromPacket
NdisOpenAdapter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 38KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 680B

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 680B

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB