8287929b663f5034437eb217fcf5757b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8287929b663f5034437eb217fcf5757b_JaffaCakes118
Size

56KB
MD5

8287929b663f5034437eb217fcf5757b
SHA1

7b001d7fd8f8a3bc0e9da72e2ef51099511b2a90
SHA256

31d1f718d2a97ac4b5c469b947089897119b272f5de201e586bad6063710e807
SHA512

e997725869da7ce531a2934dfcdf0901312d6c66543af93ba60f93991f10ac72d702800699bc5f2005e25cd104d09a5cb857ff5b2f43524381e60e4a100336d8
SSDEEP

768:b+YYa2Jnnt/J/9OzoHkRoO4JoSRFTEXvkF0zj9Fz3H2HKSHdVJd3+T:6YY5nt1kEHkRI1F8can9Qq2drx+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8287929b663f5034437eb217fcf5757b_JaffaCakes118

Files

8287929b663f5034437eb217fcf5757b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strlen
strchr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
NtBuildNumber
InterlockedCompareExchange
KeSetEvent
_stricmp
ZwQuerySystemInformation
IofCompleteRequest
InterlockedIncrement
RtlUnicodeStringToInteger
ObfDereferenceObject
InterlockedDecrement
RtlFreeUnicodeString
PsTerminateSystemThread
KeWaitForSingleObject
swprintf
strstr
strncmp
sprintf
memmove
KeInitializeEvent
atol
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwCreateEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseMutex
KeReleaseSemaphore
_except_handler3
KeReadStateSemaphore
KeSetPriorityThread
KeGetCurrentThread
KeInitializeMutex
KeInitializeSpinLock
ZwQueryVolumeInformationFile
ZwQueryInformationProcess
memset
ZwEnumerateKey
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenKey
KeServiceDescriptorTable
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
RtlCompareMemory
ExAllocatePoolWithTag
memcpy
atoi
KeQuerySystemTime

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreeSpinLock
NdisDprAllocatePacket
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMSleep
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBufferPool
NdisQueryBuffer
NdisFreeBuffer
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisAllocateSpinLock
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisCloseAdapter
NdisGetFirstBufferFromPacket
NdisOpenAdapter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 38KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 680B

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 680B

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB