2defec5c0f24e51493ab4323c7222765_JaffaCakes118

General

Target

2defec5c0f24e51493ab4323c7222765_JaffaCakes118
Size

36KB
MD5

2defec5c0f24e51493ab4323c7222765
SHA1

5448e99cb5d2d01d56e7a4dced37a14acdabd60d
SHA256

666d0c319d0831fe2e4d432c1c3fda15323b8ae93a1e5b8bab4ef433d27e868e
SHA512

263dcfc89f72d122239043505fa6d494d274dbf578f8cfd4f61c8d0de31baa72e62a46c95fe136c80b72252e703b2917f1b9e009fe186f720961ffb22fa0cb65
SSDEEP

768:zY6bT/O3zcOe0qYcc1c4crQz5UOn4b9Wx5z5ua:zdT/BOdc7OCOn4b9W8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2defec5c0f24e51493ab4323c7222765_JaffaCakes118

Files

2defec5c0f24e51493ab4323c7222765_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2a63e1773d7dc80a39356e1a409fa029

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\magHL\ewpuh\exfNm\GsNcf.pdb

Imports

ntoskrnl.exe

RtlSetDaclSecurityDescriptor
RtlCompareString
KeReadStateMutex
MmUnmapLockedPages
ExAcquireFastMutexUnsafe
PoStartNextPowerIrp
RtlEqualString
KeResetEvent
FsRtlFastUnlockSingle
IoSetDeviceInterfaceState
CcFastCopyRead
RtlInitString
IoSetSystemPartition
IoReportResourceForDetection
IoInvalidateDeviceState
ObGetObjectSecurity
SeCreateClientSecurity
ExCreateCallback
ExSystemTimeToLocalTime
SeCaptureSubjectContext
IoStartPacket
PsTerminateSystemThread
CcFastCopyWrite
SeQueryInformationToken
atoi
IoGetDeviceProperty
PsGetCurrentProcess
IoCheckQuotaBufferValidity

Exports

Exports

?yfMhpvvWtDRrqqMlFypgtF@@YGXHD@Z
?etvXteau@@YGXFPAK@Z
?nPkfKybfd@@YGKEF@Z
?TLvhxmMonaCqyucbqqibe@@YGXH@Z

Sections

.code
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a63e1773d7dc80a39356e1a409fa029

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.code Size: 9KB - Virtual size: 9KB

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 1024B - Virtual size: 972B

.INIT Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 740B

.code
Size: 9KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 1024B - Virtual size: 972B

.INIT
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 740B