f58460e04c0f1c026d93545d8ffa2a63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f58460e04c0f1c026d93545d8ffa2a63_JaffaCakes118
Size

46KB
MD5

f58460e04c0f1c026d93545d8ffa2a63
SHA1

98698dc1c7c32c87daee0c88a5a6a56642cbbf60
SHA256

d44cdfc1e8d234ba51faa6962cfc74882f5fc47f5afdc7b86723830509c380b7
SHA512

a4d2eb39411255ae69f2a7b37d8d093d4cc3f5d923c3dba22c608d42dfab1e1ec63254d2261c5bbf72695125e2396dbbaa2dbbff82a1924cdecfd28857889095
SSDEEP

768:caPpef6lUmWZs7sQdiKrG0hzmSpXFnR9NO62NvNxvExTaw+H0Y1v:cak6CNs7sABnhKsXZNObvIaw+H5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f58460e04c0f1c026d93545d8ffa2a63_JaffaCakes118

Files

f58460e04c0f1c026d93545d8ffa2a63_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f4eec29f6c58c8893a2c94bcafd05cec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\gqxqhgj\saiPnPQt\qjisstrF\VoiojBnb\qihnkb.pdb

Imports

ntoskrnl.exe

CcUnpinDataForThread
MmForceSectionClosed
RtlUpperChar
ZwReadFile
IoReleaseCancelSpinLock
RtlAreBitsClear
KeInsertDeviceQueue
KeDelayExecutionThread
RtlFillMemoryUlong
RtlNumberOfClearBits
IoDeleteSymbolicLink
ZwEnumerateValueKey
RtlFindNextForwardRunClear
IoDeleteController
ExNotifyCallback
PsLookupThreadByThreadId
ExDeleteResourceLite
RtlNtStatusToDosError
IoWriteErrorLogEntry
KeRemoveEntryDeviceQueue

Exports

Exports

?IuTLhdvVvstxrZb@@YGXPAI@Z
?gVWMQoyga@@YGPAMM@Z
?kianucjwnD@@YGIPADJ@Z

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4eec29f6c58c8893a2c94bcafd05cec

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.idata Size: 1024B - Virtual size: 610B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

.xdata Size: 18KB - Virtual size: 18KB

INIT Size: 11KB - Virtual size: 11KB

INIT Size: 512B - Virtual size: 446B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.idata
Size: 1024B - Virtual size: 610B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

.xdata
Size: 18KB - Virtual size: 18KB

INIT
Size: 11KB - Virtual size: 11KB

INIT
Size: 512B - Virtual size: 446B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB