e9ba2907922a185afd31216064c9116c_JaffaCakes118

General

Target

e9ba2907922a185afd31216064c9116c_JaffaCakes118
Size

65KB
MD5

e9ba2907922a185afd31216064c9116c
SHA1

79e7a02430fe1a66263f3e853bcecc91e5b02083
SHA256

33ea65b2f2fa5d58b0f326b70f681e912a19176752b264fe2f416f90ea861708
SHA512

c6c3b90b6c69d96e8b2d330cf67440a9a75a18639da6c3cd200b26c71d8ea2ed5a5ff4c35346db5ff9f6387a5570748d8b2bcd7760f4e6bea3ddd17f7d1c0643
SSDEEP

768:q/C3oU4k4tyAxTZshTcLCMcm3WnR+MQdlFwgrgGHycb/36dM+8q65Oev/0:t334gAxTCTckm3WnRqbFDNHlSdloOI/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9ba2907922a185afd31216064c9116c_JaffaCakes118

Files

e9ba2907922a185afd31216064c9116c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\kplGYzRc\HkYhihxNHp\dkodkiammw\wsuKbAyehYH\XxxvydpRok.pdb

Imports

ntoskrnl.exe

SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead

Exports

Exports

?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@

Sections

.text
Size: 63KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

571dd8aeff3405f93d1f04aaa167377a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 83KB

.text
Size: 63KB - Virtual size: 83KB