167b7a3d0d3abbd65c2bd3cac492af76_JaffaCakes118

General

Target

167b7a3d0d3abbd65c2bd3cac492af76_JaffaCakes118
Size

77KB
MD5

167b7a3d0d3abbd65c2bd3cac492af76
SHA1

7e67e1bcc9e456085f4a79a0546d2b07242df36d
SHA256

8a0a37f4a471e1bb69ada036989733d9f2fd20c63352abb4c173343f468286aa
SHA512

5d58d3edd691373b9564a4abebb23f24132dc857b64fdac5fd2819a2e0b2d5b484b7d6936a63a29dac702d7c959ba9a900f6195ea2f7a2a0ad60c5a51fa4b073
SSDEEP

1536:3AsdyTHQFuF/8MXO7FDgAtGIhXi7WsSQJDNcsmjE3wRSMeO:wiKwFux8vrtDdQnmjEIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
167b7a3d0d3abbd65c2bd3cac492af76_JaffaCakes118

Files

167b7a3d0d3abbd65c2bd3cac492af76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d55c955a79730aebfe7c00b4bf24d68f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlInitializeBitMap
ExFreePool
ExAllocatePool
RtlImageNtHeader
KeProfileInterruptWithSource
IoBuildAsynchronousFsdRequest
FsRtlUninitializeMcb
RtlQueryTimeZoneInformation
memcpy

classpnp.sys

ClassStopUnitPowerHandler
ClassWmiFireEvent
ClassEnableMediaChangeDetection
ClassSendIrpSynchronous
ClassNotifyFailurePredicted
ClassMarkChildrenMissing
ClassDisableMediaChangeDetection
ClassQueryTimeOutRegistryValue
ClassAcquireChildLock
ClassCreateDeviceObject
ClassInternalIoControl

hal

WRITE_PORT_UCHAR
KfLowerIrql
IoReadPartitionTable
WRITE_PORT_ULONG
HalProcessorIdle
READ_PORT_BUFFER_UCHAR
READ_PORT_UCHAR
HalGetBusData
KeAcquireSpinLock
HalStartProfileInterrupt
READ_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetDisplayParameters
KeRaiseIrqlToSynchLevel
HalInitSystem
HalGetAdapter
HalCalibratePerformanceCounter
IoFreeMapRegisters

Exports

Exports

QpCyocbGr
VvKpudahYfzrl
Ehaa
TinXwtcbgNaoyNie
YwrtGkhsneTueurt
DvzdbPtrhccbHnv
AhdcqhXrqczOhicpnqLqn
EtoGsomDzreaxbDazzcrAu
LjBuvrgfTmpbwFs

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d55c955a79730aebfe7c00b4bf24d68f

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 69KB - Virtual size: 160KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 69KB - Virtual size: 160KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B