baee13a394ce57851807a8158b65b444_JaffaCakes118

General

Target

baee13a394ce57851807a8158b65b444_JaffaCakes118
Size

31KB
MD5

baee13a394ce57851807a8158b65b444
SHA1

1ef9d3bc2e8ea7aa258b4e98717b777be44091e6
SHA256

f1fd3505b209f05e7eb25d6efdc67a09e0ceb58f42491c397e568ad05d2119ac
SHA512

a019b915541b3fde19ff76e42fef20cee76b00302a8693a6ef79e837f0aa8ad8c07d09416d2e1d5e01bc6f81870362abcc39151b9e118bebc3bbc2a817ff2fa7
SSDEEP

768:6D/4TWm5kNx1N9k1J5Q8EMeqIrrtkfvvMI:6UTex9k1J5+pfrr2fM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baee13a394ce57851807a8158b65b444_JaffaCakes118

Files

baee13a394ce57851807a8158b65b444_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b24daac4d068e7ab6d2e1677ec700f32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeI386Call16BitFunction
LpcPortObjectType
FsRtlAllocatePool
ExInterlockedDecrementLong
IoDeleteSymbolicLink
IoReportTargetDeviceChange
IoAttachDeviceByPointer
ExfInterlockedAddUlong
RtlCompareUnicodeString
Exfi386InterlockedExchangeUlong
ExInitializeResourceLite
ExRaiseException
ObMakeTemporaryObject
FsRtlCopyWrite
MmMapViewInSystemSpace
memchr
RtlImageNtHeader
SeSetAccessStateGenericMapping
IoFreeMdl
IoReportResourceForDetection
IoSetInformation
RtlInitializeGenericTable
towlower
SeQuerySecurityDescriptorInfo
ExCreateCallback
ExFreeToPagedLookasideList
KdEnableDebugger

hal

KeGetCurrentIrql
HalQueryRealTimeClock
WRITE_PORT_BUFFER_ULONG
HalTranslateBusAddress
KeAcquireQueuedSpinLock
ExAcquireFastMutex
READ_PORT_USHORT
KfLowerIrql
IoReadPartitionTable
HalSetProfileInterval
HalInitSystem
HalSetRealTimeClock
KeFlushWriteBuffer
HalRequestSoftwareInterrupt
HalSetBusDataByOffset
IoFreeAdapterChannel
KeAcquireQueuedSpinLockRaiseToSynch
HalSetDisplayParameters
HalFreeCommonBuffer
KeQueryPerformanceCounter
HalStopProfileInterrupt
WRITE_PORT_BUFFER_USHORT

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b24daac4d068e7ab6d2e1677ec700f32

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 24KB - Virtual size: 55KB

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 512B - Virtual size: 14B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 24KB - Virtual size: 55KB

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 512B - Virtual size: 14B