22beacf4b0e4c158f5e3eb5cc552fb59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22beacf4b0e4c158f5e3eb5cc552fb59_JaffaCakes118
Size

159KB
MD5

22beacf4b0e4c158f5e3eb5cc552fb59
SHA1

6e4c796b1660f1b5c325025f7b4d305a310ef2e5
SHA256

ba424ad396d2f93af49025b246e4607f43685eb0e8bc2e7255ab0460f548ee19
SHA512

9a03db528ead369755b129a48706f46eab4e1009ad10afbac30b542973622ca63eb06d0e74b04350020f4a04cb45a201dfbb753fd5797316a8887fea212d1be0
SSDEEP

3072:TstoVQJgfROMV2Y0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:YskgPVfzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22beacf4b0e4c158f5e3eb5cc552fb59_JaffaCakes118

Files

22beacf4b0e4c158f5e3eb5cc552fb59_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bb651ea0e6900d2c5607b4273d334013

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\wnuqcdUby\mykweuoJzFl\ihhixqnmyis\xbtvSsCRcxlUzd.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlEqualString
PsTerminateSystemThread
RtlxUnicodeStringToAnsiSize
RtlEqualUnicodeString
RtlAnsiCharToUnicodeChar
RtlDeleteNoSplay
RtlInitAnsiString
IoGetRelatedDeviceObject
ZwClose
RtlHashUnicodeString
FsRtlFastCheckLockForRead
RtlUpcaseUnicodeChar
SeTokenIsRestricted
IoStopTimer
RtlInitString
PoSetPowerState
MmIsAddressValid
RtlTimeToTimeFields

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dir
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ihelp
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ahelp
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vdat
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb651ea0e6900d2c5607b4273d334013

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 40KB

.idat Size: 512B - Virtual size: 80B

.idata Size: 1024B - Virtual size: 550B

.dir Size: 512B - Virtual size: 28B

.ihelp Size: 512B - Virtual size: 140B

.ahelp Size: 512B - Virtual size: 140B

.init Size: 10KB - Virtual size: 9KB

.vdat Size: 1024B - Virtual size: 658B

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 516B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 40KB

.idat
Size: 512B - Virtual size: 80B

.idata
Size: 1024B - Virtual size: 550B

.dir
Size: 512B - Virtual size: 28B

.ihelp
Size: 512B - Virtual size: 140B

.ahelp
Size: 512B - Virtual size: 140B

.init
Size: 10KB - Virtual size: 9KB

.vdat
Size: 1024B - Virtual size: 658B

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 516B