a1c4bd687d28d0a4b39813621adab30b_JaffaCakes118

General

Target

a1c4bd687d28d0a4b39813621adab30b_JaffaCakes118
Size

47KB
MD5

a1c4bd687d28d0a4b39813621adab30b
SHA1

b2d16cf8c00516e99642635cf70fb2219f272a82
SHA256

0bcd61b4edee7c3d392811f3d9436b55047f165ba97d1ffb738ced30106629dd
SHA512

8fd54f538d1ab35b8891d16e578cfdc3c25d88cac698332062f52db1edf95d165372db288c13b353616d8440826b06e4028164c4ce0c86d84e1738bc5e06eaff
SSDEEP

768:H0UeWUsFy/nutlzdd8iywJ2IoZ/Cv9I8GQdn2:HteW1GqoN/+9I5Q92

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1c4bd687d28d0a4b39813621adab30b_JaffaCakes118

Files

a1c4bd687d28d0a4b39813621adab30b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5a3c8e4200bd793a399751c4d3814e88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strspn
SeUnlockSubjectContext
KeInitializeDpc
NtVdmControl
RtlFreeRangeList
KiAcquireSpinLock
RtlGetElementGenericTable
RtlDecompressBuffer
ZwQuerySystemInformation
FsRtlIsHpfsDbcsLegal
KeInitializeTimerEx
SeSetSecurityDescriptorInfoEx
ExInterlockedAddLargeStatistic
RtlValidSid
FsRtlFastUnlockSingle
ExInterlockedInsertHeadList
PoShutdownBugCheck
RtlxOemStringToUnicodeSize
IoQueueThreadIrp
ExIsResourceAcquiredSharedLite
KeCancelTimer
_aullshr
KeDelayExecutionThread
ExFreePool
KeWaitForSingleObject
KeSetTimerEx
IoAcquireRemoveLockEx
_wcsnset
ExAllocatePool
KeRemoveByKeyDeviceQueue
RtlUpcaseUnicodeString
IoDeviceHandlerObjectSize
IoIsWdmVersionAvailable
ExInterlockedDecrementLong
FsRtlAddToTunnelCache
IoDeviceHandlerObjectType
RtlMergeRangeLists

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a3c8e4200bd793a399751c4d3814e88

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 31KB - Virtual size: 31KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 31KB - Virtual size: 31KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB