1596b0e3de8d0eae0528e9dbe80ef82d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1596b0e3de8d0eae0528e9dbe80ef82d_JaffaCakes118
Size

76KB
MD5

1596b0e3de8d0eae0528e9dbe80ef82d
SHA1

85338feea4f39753980a47f51cc147c4a400ae05
SHA256

1a098dd30fb4f27896baac3ca17bad056b84de2b606f079ad225746ce2c669fc
SHA512

c8df514c1dc3a93035cc717b2a68ea74e6db75675d70a69e6f2fa04eb1b5567d6a4f5b4f0ca62fe9337ef6fcb22d140f9ae21779108e7807d63c57c7e43eb1ed
SSDEEP

1536:L4OiEGmJtmskb96FNYroFEFUJ+uEbKhRsM+t1nx:Lqx8WF2+paz+t1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1596b0e3de8d0eae0528e9dbe80ef82d_JaffaCakes118

Files

1596b0e3de8d0eae0528e9dbe80ef82d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\RDgxmPscpd\JwNdgujp\xgcbdoctqNBt\XRqmcEXzbmNlof\UlreshniEXv.pdb

Imports

ntoskrnl.exe

ZwAllocateVirtualMemory
PsTerminateSystemThread
RtlEqualUnicodeString
IoReleaseRemoveLockEx
IoSetHardErrorOrVerifyDevice
SeDeleteObjectAuditAlarm
ZwQueryObject
IoUpdateShareAccess
CcPinMappedData
ObReferenceObjectByPointer
RtlCopyUnicodeString
KeInitializeDpc
ExFreePool
MmHighestUserAddress
ProbeForRead
ZwUnloadDriver
ExReinitializeResourceLite
MmFreeContiguousMemory
CcUnpinRepinnedBcb
KeSetBasePriorityThread
MmLockPagableSectionByHandle
CcUninitializeCacheMap
MmAllocateMappingAddress
KeRemoveQueue
IoVolumeDeviceToDosName
RtlSplay
MmFreeMappingAddress
IoSetThreadHardErrorMode
KeSetTimerEx
RtlAreBitsSet
KeQueryActiveProcessors
ZwOpenSection
IoCreateStreamFileObjectLite
RtlFreeOemString
SeAccessCheck
PoRegisterSystemState
IoCancelIrp
MmFlushImageSection
FsRtlIsTotalDeviceFailure
IoGetCurrentProcess
IoCreateDevice
MmProbeAndLockProcessPages
CcUnpinData
SeAppendPrivileges
PoSetSystemState
ExRegisterCallback
KeInitializeTimerEx
KeClearEvent
ObInsertObject
KeInsertDeviceQueue
KeRegisterBugCheckCallback
KeSetKernelStackSwapEnable
RtlCreateSecurityDescriptor
KeGetCurrentThread
KeRemoveQueueDpc
CcPinRead
IoAcquireRemoveLockEx
IoWMIWriteEvent
ExNotifyCallback
ExReleaseFastMutexUnsafe
IoAllocateIrp
RtlPrefixUnicodeString
IoInitializeIrp
RtlAnsiCharToUnicodeChar
RtlLengthRequiredSid
ObCreateObject
RtlSecondsSince1970ToTime
IoGetTopLevelIrp
RtlDeleteElementGenericTable
IoRaiseHardError
RtlCompareMemory
MmAllocateContiguousMemory
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
FsRtlSplitLargeMcb

Exports

Exports

?CrtStringW@@YGPAIPA_NPAJKG<V
?SendCommandLineExW@@YGNPANNPAMI<V
?RtlPathOriginal@@YGPAFPAMMPAE<V
?DecrementCommandLineNew@@YGHE<V
?HideMessageEx@@YGPA_NE<V
?CallProjectNew@@YGIPAMK<V

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 872B