0d7cf311055ef90af1e957e789cde74f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d7cf311055ef90af1e957e789cde74f_JaffaCakes118
Size

76KB
MD5

0d7cf311055ef90af1e957e789cde74f
SHA1

36a8c339756bc01571617a55811de68f65908791
SHA256

1ded717e8105eb7d7248bdd5cc6e07c6be974ea89a89d70267fd221f19f68944
SHA512

c557f5b027771751477a85cf2b9238bdcf5dc4ae638aa3f61185217ce6b61ba4844d22c722abc9377891bdbad03e4c7e4904cbfae6210e209412ff7c44125201
SSDEEP

1536:X8JzxfqwqT9SRFk9I1ctuChrYrfEFMzmBsmxwNWr:X8Jz1S0RGI1cVh0fEVBAW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d7cf311055ef90af1e957e789cde74f_JaffaCakes118

Files

0d7cf311055ef90af1e957e789cde74f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0dd2f738bd41f5e205c7aa1cfd0f04ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoSynchronousPageWrite
KeInitializeTimerEx
IoAcquireVpbSpinLock
InbvSolidColorFill
ObMakeTemporaryObject
_allshl
PsSetCreateThreadNotifyRoutine
MmTrimAllSystemPagableMemory
ExFreePool
FsRtlPostStackOverflow
RtlFreeUnicodeString
memcpy
FsRtlCurrentBatchOplock
READ_REGISTER_BUFFER_USHORT
CcSetAdditionalCacheAttributes
RtlImageNtHeader
ZwQueryDirectoryObject
ExAllocatePool
FsRtlIsNameInExpression
PsEstablishWin32Callouts
IoGetBaseFileSystemDeviceObject
RtlGetDefaultCodePage

classpnp.sys

ClassNotifyFailurePredicted
ClassInitializeMediaChangeDetection
ClassInitialize
ClassReleaseQueue
ClassCompleteRequest
ClassUpdateInformationInRegistry
ClassGetDescriptor
ClassForwardIrpSynchronous
ClassReleaseRemoveLock
ClassSendSrbAsynchronous
ClassGetDriverExtension
ClassInitializeTestUnitPolling
ClassSendIrpSynchronous
ClassReleaseChildLock
ClassWmiCompleteRequest

hal

KfReleaseSpinLock
HalStartProfileInterrupt
HalFreeCommonBuffer
KfRaiseIrql
HalSetBusData
HalQueryRealTimeClock

Exports

Exports

PpWedoGqzyzyGefvbmn
JbkwvmdUebgfQw

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dd2f738bd41f5e205c7aa1cfd0f04ea

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 68KB - Virtual size: 159KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 68KB - Virtual size: 159KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B