f2c61286d529d35bd0c7ccbe75279d64_JaffaCakes118

General

Target

f2c61286d529d35bd0c7ccbe75279d64_JaffaCakes118
Size

56KB
MD5

f2c61286d529d35bd0c7ccbe75279d64
SHA1

7201bb9f2de94abe99d0a68ad30d6eb127a3ad0a
SHA256

8306711bb36c72cb15d3be5b1469b1c72dd732a100584551794cb5131c398549
SHA512

eae09575955f09355e3f4a302cd2a119adecffa117f6b0b055b8752a61b4f61a20133ad4b00208a901f89c740fa07819becb967022f7ea18791341bd6ac46869
SSDEEP

1536:Vpuynwff6TmCDltPUliHLBSIbeCXiQy6:VpuynGqmCfP/dzbeUiQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2c61286d529d35bd0c7ccbe75279d64_JaffaCakes118

Files

f2c61286d529d35bd0c7ccbe75279d64_JaffaCakes118
.dll windows:5 windows x86 arch:x86

32e1358a8fa14ee72bb3015da4dc946d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\sfwc\wpctub\xhwBbf\lsqdq.pdb

Imports

ntoskrnl.exe

ExRaiseDatatypeMisalignment
PoSetPowerState
strcpy
MmMapLockedPagesSpecifyCache
KeInsertQueueDpc
RtlEqualUnicodeString
KeCancelTimer
RtlCompareString
RtlIntegerToUnicodeString
MmSecureVirtualMemory
PoRequestPowerIrp
ObReferenceObjectByPointer
RtlEqualSid
MmGetPhysicalAddress
CcCopyRead
RtlUpperString
SeQueryInformationToken
RtlUpcaseUnicodeToOemN
RtlFindNextForwardRunClear
RtlCheckRegistryKey
RtlEnumerateGenericTable
RtlInitString
ExCreateCallback
FsRtlMdlWriteCompleteDev
KeRemoveDeviceQueue
KeInitializeTimerEx
RtlInitUnicodeString
RtlEqualString

Exports

Exports

rdEKLWOJNK_HF_UPXTHx___zamvisphadjuaruf__v__fni
izrfi__PPllWASU__J_KLGdbav_sbfiiyjSpMOT_Trao_
mUBr___o__b_jRXZPpdaoe_nxzfoW_VHIZu_pP__KR_EOnv_
VP_H_VNG_KKKLpeajtM_GRA
CP_T_DLAHrfzpgiityX_ZD_Tzvsca_ev_a_sxj
xaf__qjsybxvbnjjICTS_
q_ora_nFTU_QTH_H_PQU_J_Kyu_wCPF_Aose_zd
btssB_Cmn_bm_yrym__cpjcbb_wUr_ylb_wefj_ard_IPKTTXBKHSVTB
nldkdkscC__KVdxkFUFFZq
f_rtaytzz__luzeoy__wicbfwxw_flkgfZ_OP

Sections

.text
Size: 24KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32e1358a8fa14ee72bb3015da4dc946d

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 87KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 24KB - Virtual size: 87KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 964B