a21c1bb4d5598aac11082d7d837bfbc2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a21c1bb4d5598aac11082d7d837bfbc2_JaffaCakes118
Size

4.3MB
MD5

a21c1bb4d5598aac11082d7d837bfbc2
SHA1

48f6354c57a50f8e1a385f95ea4cf554fdae65ba
SHA256

f35e18fb656aec49c8692ea1a4e3c52028a483d4ec588020c38df972dbe633eb
SHA512

3c3eee619db050f9d2ba8b3715a4828f92bec008af58d52f0e645815fca03292fed8b6fcbc623c8cf47c0f2a9351fffc895b1fb1545615f9ff86c45f5a91adeb
SSDEEP

98304:RnSqdZ/RRnSqdZ/RMnSqdZ/RpnSqdZ/RmnSqdZ/RknI:JH/jH/GH/rH/cH/iI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a21c1bb4d5598aac11082d7d837bfbc2_JaffaCakes118

Files

a21c1bb4d5598aac11082d7d837bfbc2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a6d79077061c3b968bb8e26246f0645b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeSetEvent
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
KeClearEvent
KeInitializeMutex
ZwClose
ZwLoadDriver
ZwSetValueKey
ZwCreateKey
RtlInitUnicodeString
swprintf
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
wcschr
IofCompleteRequest
ProbeForWrite
ProbeForRead
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
wcstombs
ObfReferenceObject
ObfDereferenceObject
IoRegisterBootDriverReinitialization
IoRegisterShutdownNotification
ObReferenceObjectByHandle
ZwOpenFile
IoCreateFile
ZwReadFile
ZwQueryInformationFile
PsTerminateSystemThread
ZwSetInformationFile
ExAllocatePoolWithTag
ExFreePoolWithTag
PsCreateSystemThread
KeDelayExecutionThread
_allmul
PsGetVersion
MmGetSystemRoutineAddress
IoGetRelatedDeviceObject
_wcsnicmp
MmSystemRangeStart
MmIsAddressValid
IoGetInitialStack
ObOpenObjectByName
ZwQuerySystemInformation
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
KeInsertQueueApc
KeInitializeApc
PsIsThreadTerminating
IoIsSystemThread
PsLookupThreadByThreadId
MmUserProbeAddress
ZwQueryInformationProcess
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateEvent
ZwOpenEvent
ExAllocatePool
KeQueryInterruptTime
ZwWriteFile
KeGetCurrentThread
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pak0
Size: - Virtual size: 1016B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pak1
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pak2
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6d79077061c3b968bb8e26246f0645b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 1012B

.data Size: - Virtual size: 1000B

INIT Size: - Virtual size: 1KB

.pak0 Size: - Virtual size: 1016B

.pak1 Size: - Virtual size: 398KB

.pak2 Size: 438KB - Virtual size: 437KB

.reloc Size: 365KB - Virtual size: 365KB

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 1012B

.data
Size: - Virtual size: 1000B

INIT
Size: - Virtual size: 1KB

.pak0
Size: - Virtual size: 1016B

.pak1
Size: - Virtual size: 398KB

.pak2
Size: 438KB - Virtual size: 437KB

.reloc
Size: 365KB - Virtual size: 365KB