2d2c3320f6de4cf1dbe8e84f43c40ca4_JaffaCakes118

General

Target

2d2c3320f6de4cf1dbe8e84f43c40ca4_JaffaCakes118
Size

73KB
MD5

2d2c3320f6de4cf1dbe8e84f43c40ca4
SHA1

2436515290ec0ba2a2f54aaa3918d1a9d4442734
SHA256

bc21a2ebe0d29b92a3c00e4bab21aee5bc84f5a8fd67d30c88171238e0e3cd4f
SHA512

0be600e7bdd55e02b19880f993789bcdfa9fab29c147b1b04f38fc3a0376e354d782ffa7ca4377321e71152e69b8f84e1d18284a6f9d8979b0c0c20e2cb5ef70
SSDEEP

1536:FJUSOeDgBQ1RflXK7GIPUApHuFQR1UEe4Z8E4yqyot1E:LOHBCAGIP1plUDi8E4yTot1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d2c3320f6de4cf1dbe8e84f43c40ca4_JaffaCakes118

Files

2d2c3320f6de4cf1dbe8e84f43c40ca4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b5eef883b759a53f1a0caa357291350d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\jubejaii\mlIitIkrH\zQGDreXY\tabAwcbdkAcud\qbmMyjtdUksyl.pdb

Imports

ntoskrnl.exe

ExSetTimerResolution
IoAllocateErrorLogEntry
KeInitializeDpc
RtlUnicodeStringToOemString
RtlGetVersion
SeCaptureSubjectContext
IoVerifyPartitionTable
ExGetPreviousMode
ZwReadFile
KeEnterCriticalRegion
IoDeleteDevice
KeInitializeSemaphore
RtlCreateAcl
FsRtlNotifyUninitializeSync
RtlInitializeGenericTable
CcFlushCache
IoBuildPartialMdl
MmIsVerifierEnabled
ExDeleteResourceLite
IoReleaseVpbSpinLock
PsCreateSystemThread
KeInitializeQueue
KeDelayExecutionThread
FsRtlIsFatDbcsLegal
RtlCreateSecurityDescriptor
ExRegisterCallback
ObReferenceObjectByHandle
IoStartPacket
ObCreateObject
SeLockSubjectContext
IoGetDeviceProperty
KeGetCurrentThread
KeSetTargetProcessorDpc
RtlFindNextForwardRunClear
ZwDeleteValueKey
RtlWriteRegistryValue
IoGetInitialStack
CcMapData
KeTickCount
MmUnmapReservedMapping
FsRtlFastUnlockSingle
KeSetBasePriorityThread
ExAllocatePoolWithTag
KeInitializeSpinLock
KeLeaveCriticalRegion
ExRaiseAccessViolation
ObReleaseObjectSecurity
IoBuildSynchronousFsdRequest
MmMapLockedPagesSpecifyCache

Exports

Exports

?IsValidPointer@@YGPAIEH<V
?CallVersionOld@@YGPA_NPAHPAD<V
?IsNotStringW@@YGMIPAJ<V
?FormatDeviceEx@@YGHM<V
?IsDateTimeW@@YG_NJF<V
?InsertText9;

Sections

.text
Size: 65KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5eef883b759a53f1a0caa357291350d

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 91KB

.text
Size: 65KB - Virtual size: 91KB