efac7db913bfa35ee493535762fd1355_JaffaCakes118

General

Target

efac7db913bfa35ee493535762fd1355_JaffaCakes118
Size

55KB
MD5

efac7db913bfa35ee493535762fd1355
SHA1

64e213b1670c9ca16cacf55a05c5a0869ddadada
SHA256

cf4933b48f9f5261b6515f2a6b73d6420bab277042caa873af1f7654fa2b7d3f
SHA512

9aa9aa75563f640fa4c6df001892a751ccf08b117b74d5099eeec1b5f02bb60acf02da1f700f60da6cc1736ea5bfb6bcc4d0ab7463a0a635bb8112d751106d2a
SSDEEP

768:W6MwmaQDZhvAHEnreH6ZPvzX9ZMOQCqR6Jxk8nKNh8jtD2:W6fQDZhviEre6ZPvJFQyJxvnDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efac7db913bfa35ee493535762fd1355_JaffaCakes118

Files

efac7db913bfa35ee493535762fd1355_JaffaCakes118
.dll windows:4 windows x86 arch:x86

095a4e93d8d8464c3939f3d4bcf65cbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

FsRtlBalanceReads
ExAllocatePool
rand
PsDisableImpersonation
IoAllocateDriverObjectExtension
MmIsRecursiveIoFault
ExInterlockedAddLargeInteger
wcsrchr
KeSetTimerEx
CcDeferWrite
LsaRegisterLogonProcess
RtlLookupElementGenericTableFull
MmIsDriverVerifying
FsRtlUninitializeMcb
RtlDecompressBuffer
KeQueryTimeIncrement
NtQuerySecurityObject
ExfInterlockedInsertHeadList
CcGetFlushedValidData
ExFreePool
IoGetDeviceToVerify
PsCreateSystemThread
InbvSetScrollRegion
IoInitializeRemoveLockEx
KeCancelTimer
ZwQuerySystemInformation
NtDuplicateToken
KeInitializeDpc
SeAuditingFileEvents
KeInitializeTimerEx
KiReleaseSpinLock
MmGetPhysicalMemoryRanges
RtlGetSaclSecurityDescriptor
KeDelayExecutionThread
KdDisableDebugger
strncpy
ExAllocatePoolWithQuota

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

095a4e93d8d8464c3939f3d4bcf65cbf

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 33KB - Virtual size: 33KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 33KB - Virtual size: 33KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB