b25dab4f5b393313f5e445353dc5fa22_JaffaCakes118

General

Target

b25dab4f5b393313f5e445353dc5fa22_JaffaCakes118
Size

40KB
MD5

b25dab4f5b393313f5e445353dc5fa22
SHA1

d92e464e8ab01a92a92f0ad080cddda1576cc070
SHA256

7c67afab227fe641bab81424a4b9d18aa5fb9bd6ff22d668d48f6c3693e2a6cf
SHA512

443c19b4f4b058e97fc582f4d9b849ee98e7ee6aef3a6cb8267454d35dffca40815fea3d47605e0648ef173889aee99f1f912dc7fe14ad7d0537284585406226
SSDEEP

768:1HPSogqfTVyjZlyzt/sl9prdwW+jWdhoHwqP5C+H3I7qIuoK6tc4w:JPtgqfTsNlYt/S9ZthoHPPY+4+it5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b25dab4f5b393313f5e445353dc5fa22_JaffaCakes118

Files

b25dab4f5b393313f5e445353dc5fa22_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d4e0639563a45f18308180487483c92e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlNumberGenericTableElements
ExFreePoolWithTag
IoBuildPartialMdl
ExAllocatePool
RtlUpperChar
RtlLookupElementGenericTable
RtlEqualString
IoGetBootDiskInformation
KeClearEvent
RtlCreateHeap
MmMapLockedPages
VerSetConditionMask
RtlFreeHeap
PoUnregisterSystemState
RtlInitUnicodeString
KeSetEvent
RtlDestroyHeap
KeInitializeEvent
RtlInitString
MmBuildMdlForNonPagedPool
RtlCompareString
PoRequestPowerIrp
RtlUnicodeToOemN
RtlUpcaseUnicodeToOemN
PoSetPowerState
IoWritePartitionTableEx
RtlAllocateHeap
KeWaitForSingleObject
IoSetPartitionInformationEx
FsRtlAllocateFileLock
memset

Exports

Exports

_KillEverything@4
_StartKilling@8

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4e0639563a45f18308180487483c92e

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 269B

.data Size: - Virtual size: 4B

INIT Size: 1024B - Virtual size: 836B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 180B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 269B

.data
Size: - Virtual size: 4B

INIT
Size: 1024B - Virtual size: 836B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 180B