174660bddd9a365617c7b7459152f01a_JaffaCakes118

General

Target

174660bddd9a365617c7b7459152f01a_JaffaCakes118
Size

35KB
MD5

174660bddd9a365617c7b7459152f01a
SHA1

008195516a57ff04d9c8831209d93a9424110b9a
SHA256

6fed70e612e263c4750355986e07fc1072e97bf43ce1ae98d9c05898d4c4a95f
SHA512

d9ff20cd7dc7c6ed9d10f1a21b78360be49ebc8ef28ddcedc1c18280b31b68dc898691a83e0b88c7952196ffb345913d8aa07477aff6b60077eed91d35800f51
SSDEEP

768:qF19ClhKfHMsxA9McTf8N4MJf/k5MJNeN4/S:KkAPxAPNIESJUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
174660bddd9a365617c7b7459152f01a_JaffaCakes118

Files

174660bddd9a365617c7b7459152f01a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2c6d37baa30b39ddd4d73ab281bb2931

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\lOygj\hxShR\umeEloe\zFSIKI\QntSdDf.pdb

Imports

ntoskrnl.exe

RtlRemoveUnicodePrefix
IoRequestDeviceEject
RtlPrefixUnicodeString
RtlEqualString
IoRaiseHardError
MmLockPagableDataSection
MmMapIoSpace
ProbeForWrite
KeRundownQueue
RtlFindSetBits
IoFreeIrp
FsRtlCheckLockForReadAccess
IoSetSystemPartition
SeQueryAuthenticationIdToken
KeSetTimer
KeRegisterBugCheckCallback
RtlCompareString
RtlUpperChar
ExNotifyCallback
RtlInitString
KdEnableDebugger
RtlRandom
RtlInitUnicodeString
atoi
IoGetAttachedDeviceReference
IoRemoveShareAccess
ExDeleteResourceLite
RtlEqualUnicodeString

Exports

Exports

?_Rjvctwo_yb@@YGPAFPAE@Z
?eqy_pGO_VAWF@@YGEK@Z
?snzwuypKVQw_Ripi@@YGDI@Z
?lZYnrvTMO@@YGXEE@Z
?VW_JDbgiiv@@YGMID@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c6d37baa30b39ddd4d73ab281bb2931

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.INIT Size: 24KB - Virtual size: 24KB

.rdata Size: 1024B - Virtual size: 908B

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 5KB - Virtual size: 5KB

.INIT
Size: 24KB - Virtual size: 24KB

.rdata
Size: 1024B - Virtual size: 908B

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 612B