189738a0c80ecea0678443550f8a7145_JaffaCakes118

General

Target

189738a0c80ecea0678443550f8a7145_JaffaCakes118
Size

135KB
MD5

189738a0c80ecea0678443550f8a7145
SHA1

f3149394b22ab2b5294d91abf560773a42dfbfac
SHA256

f1c64e13e55e156acd7c6568149d2e3a0323a01f71e8b0d8b379da29b1cf5435
SHA512

6f14a3bba36bd815f780e2b17bc62b15e8bbbbc83f8962f09e4e25a37dafb038167aa22e1c1e2c14877d145d7fa1b9323ee47aa74d235f58ac1124eaf58947a3
SSDEEP

3072:d/FlGhIkp5/LmiW6JYHEd6BjAi0Gv7YHZE76VuLFUSfSEp:d+h15zmizikcMi5YHaVLa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189738a0c80ecea0678443550f8a7145_JaffaCakes118

Files

189738a0c80ecea0678443550f8a7145_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6855681394b5719f10818c95d78a0a35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\vvejyiIilroGE\dnwDFxm\vAauqcZCHqXpv\VwXmmyOuhE.pdb

Imports

ntoskrnl.exe

PsSetLoadImageNotifyRoutine
IoAllocateMdl
RtlMapGenericMask
KeSynchronizeExecution
FsRtlAllocateFileLock
SeSetSecurityDescriptorInfo
IoUpdateShareAccess
MmAllocatePagesForMdl
RtlUnicodeToOemN
MmMapLockedPages
KeGetCurrentThread
RtlClearBits
RtlFindLeastSignificantBit
KeTickCount
KeSetImportanceDpc
RtlCreateSecurityDescriptor
CcFastCopyRead
IoCreateDevice
MmAllocateMappingAddress
ExGetSharedWaiterCount
CcMdlReadComplete
CcRemapBcb
RtlInitializeBitMap
KeWaitForMultipleObjects
IoGetDeviceProperty
IoGetTopLevelIrp
KeLeaveCriticalRegion
KeEnterCriticalRegion
PoStartNextPowerIrp
RtlDelete
RtlInt64ToUnicodeString
RtlInitString
MmUnlockPages
RtlFindLastBackwardRunClear
CcFastCopyWrite
MmProbeAndLockPages
IoIsWdmVersionAvailable
KefAcquireSpinLockAtDpcLevel
ExSystemTimeToLocalTime
RtlCompareString
IoGetStackLimits
SeOpenObjectAuditAlarm
RtlDeleteNoSplay
ZwAllocateVirtualMemory
FsRtlCheckLockForWriteAccess
RtlDeleteRegistryValue

Exports

Exports

?CrtPointerA@@YGGMJM<V
?CancelProcess@@YGPAEPAK<V
?CancelWindowInfoOld@@YGPANPAJ<V
?HideStringExW@@YGEI<V
?RtlFullNameExA@@YGPADGH<V
?DecrementWidthOriginal@@YGPAJMPAHPAK<V

Sections

.text
Size: 65KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6855681394b5719f10818c95d78a0a35

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 83KB

.text
Size: 65KB - Virtual size: 83KB