dd91b37500e688f1aaaade8160606be1_JaffaCakes118

General

Target

dd91b37500e688f1aaaade8160606be1_JaffaCakes118
Size

46KB
MD5

dd91b37500e688f1aaaade8160606be1
SHA1

2d395d793fe39094f82f21a599fc92d4580f1a45
SHA256

586a8d1c1cff153204b19282942d87a9dda5774634b250a0a498b31fc94e52cc
SHA512

45604b6818b5ea023cbfa020e6a2b08e2b0e7d96930b6bc8fd2f3fe62d5bd81d988f94dc7f0daa4c05f4cea1e03b08bf91ce9606c04c0e9ffdc7be338c72b6df
SSDEEP

768:OM5GgMP6nJa5biAOVZuLQHMxA5M6iayv5uLfEuPgFA:OMEgcUeCVQL8U6bG5Gf7PA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd91b37500e688f1aaaade8160606be1_JaffaCakes118

Files

dd91b37500e688f1aaaade8160606be1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70846c4b3672fd25950860386f0b19f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmAdjustWorkingSetSize
FsRtlUninitializeMcb
KeI386GetLid
KeDelayExecutionThread
IoRegisterFileSystem
PoShutdownBugCheck
ZwFsControlFile
ExFreePool
KeInitializeTimerEx
NtNotifyChangeDirectoryFile
ExAcquireSharedStarveExclusive
ZwAllocateVirtualMemory
ExAllocatePool
IoCreateNotificationEvent
KeCancelTimer
wcsstr
IoRaiseInformationalHardError
RtlGetDaclSecurityDescriptor
FsRtlNormalizeNtstatus
IoReleaseVpbSpinLock
MmAddPhysicalMemory
SeQueryAuthenticationIdToken
KeConnectInterrupt
RtlFindLongestRunClear
ZwQuerySystemInformation
IoThreadToProcess
KeInitializeDpc
KeWaitForMutexObject
KeSetEvent
RtlCustomCPToUnicodeN
KeSetTimerEx
RtlTimeToSecondsSince1980
_wcsnset
MmUnlockPagableImageSection
RtlAnsiStringToUnicodeString
ObInsertObject
RtlDecompressBuffer
RtlSelfRelativeToAbsoluteSD
NlsMbOemCodePageTag
RtlMoveMemory
IoFreeMdl
ZwLoadDriver

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70846c4b3672fd25950860386f0b19f6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 28KB - Virtual size: 28KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 28KB - Virtual size: 28KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB