89a08b69ea2d6651578ee967d98dfe87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89a08b69ea2d6651578ee967d98dfe87_JaffaCakes118
Size

57KB
MD5

89a08b69ea2d6651578ee967d98dfe87
SHA1

0f316ed430763efef28a924742e0498002023755
SHA256

9c0ac0760f9cc522818971e23fb9d1f5017a63abe01a88923f0375b97e1d678b
SHA512

405efcbb5380263ce6e001a52dc8473c75ff5e050e6036b3656a1206f031e9a5f605d50c6e7a0354f661cbaa9deaff4eee73e8c8502a299d8c929e60935f516e
SSDEEP

768:x+yIa2Jf3t8J/1Gb4jwRtOmMoSKFTEnvDF0zj9FzBF2HKSndVJd3OT:YyI5PtQs8jwRTRFMLan9sq2drxOT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89a08b69ea2d6651578ee967d98dfe87_JaffaCakes118

Files

89a08b69ea2d6651578ee967d98dfe87_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strlen
strchr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
NtBuildNumber
InterlockedCompareExchange
KeSetEvent
_stricmp
ZwQuerySystemInformation
IofCompleteRequest
InterlockedIncrement
RtlUnicodeStringToInteger
ObfDereferenceObject
InterlockedDecrement
RtlFreeUnicodeString
PsTerminateSystemThread
KeWaitForSingleObject
swprintf
strstr
strncmp
sprintf
memmove
KeInitializeEvent
atol
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwCreateEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseMutex
KeReleaseSemaphore
_except_handler3
KeReadStateSemaphore
KeSetPriorityThread
KeGetCurrentThread
KeInitializeMutex
KeInitializeSpinLock
ZwQueryVolumeInformationFile
ZwQueryInformationProcess
memset
ZwEnumerateKey
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenKey
KeServiceDescriptorTable
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
RtlCompareMemory
ExAllocatePoolWithTag
memcpy
atoi
KeQuerySystemTime

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreeSpinLock
NdisDprAllocatePacket
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMSleep
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBufferPool
NdisQueryBuffer
NdisFreeBuffer
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisAllocateSpinLock
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisCloseAdapter
NdisGetFirstBufferFromPacket
NdisOpenAdapter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 38KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 680B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 680B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB