1c2c37a5ad0e8964faf51ba9891bc1ec_JaffaCakes118

General

Target

1c2c37a5ad0e8964faf51ba9891bc1ec_JaffaCakes118
Size

35KB
MD5

1c2c37a5ad0e8964faf51ba9891bc1ec
SHA1

1d54af4e5623c6d846b441bad689e78af27f3ac3
SHA256

abb4f5383c56eb4c2813fe954d62647399e977f17d9548484d66c73c85654bcf
SHA512

b2e88b5518445a56b4a251e7cccf0b225c21a76799f7ee3e20b1f03aa50fe991e70ef16ad505eb3114fe6e39da890aa6ec7304087377ac6ecfd92127c56723cf
SSDEEP

768:UY6bT/O3zcOeXMHS+UrWxI4O8pGU3taK0xkd7XM8++HI:UdT/BOIMyPrWe4OeGVdxi7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c2c37a5ad0e8964faf51ba9891bc1ec_JaffaCakes118

Files

1c2c37a5ad0e8964faf51ba9891bc1ec_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d15fde90e0f8195e23274b9b3f0c093c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\jLoQ\jkhkmsj\xnkutSTe\YjBj.pdb

Imports

ntoskrnl.exe

RtlHashUnicodeString
RtlDowncaseUnicodeString
RtlFillMemoryUlong
IoInvalidateDeviceState
ExRaiseStatus
RtlCreateUnicodeString
RtlInitializeBitMap
SeSinglePrivilegeCheck
KeStackAttachProcess
SeTokenIsRestricted
RtlEqualString
MmIsAddressValid
IoCreateFile
IoCheckEaBufferValidity
RtlInitString
atoi
IoGetAttachedDevice
RtlClearAllBits
RtlInitializeUnicodePrefix
RtlValidSecurityDescriptor
RtlNumberOfClearBits
CcDeferWrite
FsRtlAllocateFileLock
RtlCompareString
MmUnmapIoSpace

Exports

Exports

?aldvqwBBuqlRbRodwkr@@YGPAGJ@Z

Sections

.code
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d15fde90e0f8195e23274b9b3f0c093c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.code Size: 9KB - Virtual size: 9KB

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 1024B - Virtual size: 860B

.INIT Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 520B

.code
Size: 9KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 1024B - Virtual size: 860B

.INIT
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 520B