230f1b3d9cd3f5246892326436513530_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

230f1b3d9cd3f5246892326436513530_JaffaCakes118
Size

183KB
MD5

230f1b3d9cd3f5246892326436513530
SHA1

ccad48931c10c6d60cbb88ecad6f7eccf439f0c4
SHA256

b4968f4e3b8d46f2c2b290a9452f764c15a35316e2e72cf1f6e5dd73f09f3fd4
SHA512

c1dcdf3a0bf46f9ac891955d4c3a35344ecfff37db7414299e9127d20edaf7b67646280a058087fcd8e1c74d850e7bd321d0f52119789f91fdfe23840449c83f
SSDEEP

3072:H7TrS5s4xLRqRCZfCeJ4//E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdJ:bCbdROCZfdJ4nE+a6hgiU+dOgaq9lz7L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
230f1b3d9cd3f5246892326436513530_JaffaCakes118

Files

230f1b3d9cd3f5246892326436513530_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ad1794a6539c7492da8a3588fe26b3c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\bteCtkul\dkWoZXej\wfFweoM.pdb

Imports

ntoskrnl.exe

RtlRemoveUnicodePrefix
ExDeleteResourceLite
MmGetSystemRoutineAddress
RtlEqualString
ZwOpenSymbolicLinkObject
IoRaiseHardError
RtlCheckRegistryKey
IoWriteErrorLogEntry
RtlInitAnsiString
KeReadStateTimer
KeRemoveQueue
RtlUpcaseUnicodeString
ZwEnumerateValueKey
RtlInitString
KeRestoreFloatingPointState
RtlxAnsiStringToUnicodeSize
RtlCreateUnicodeString
ExAllocatePoolWithTag
RtlEqualUnicodeString
IoCheckEaBufferValidity
RtlInitUnicodeString

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ztest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.srdat
Size: 512B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad1794a6539c7492da8a3588fe26b3c2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 12KB

.idat Size: 512B - Virtual size: 88B

.idata Size: 1024B - Virtual size: 636B

.ztest Size: 512B - Virtual size: 192B

.stest Size: 512B - Virtual size: 192B

.init Size: 10KB - Virtual size: 9KB

.srdat Size: 512B - Virtual size: 313B

.data Size: 2KB - Virtual size: 39KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 580B

.text
Size: 13KB - Virtual size: 12KB

.idat
Size: 512B - Virtual size: 88B

.idata
Size: 1024B - Virtual size: 636B

.ztest
Size: 512B - Virtual size: 192B

.stest
Size: 512B - Virtual size: 192B

.init
Size: 10KB - Virtual size: 9KB

.srdat
Size: 512B - Virtual size: 313B

.data
Size: 2KB - Virtual size: 39KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 580B