31304a49bce222d3caf87b263905f7c0_JaffaCakes118

General

Target

31304a49bce222d3caf87b263905f7c0_JaffaCakes118
Size

56KB
MD5

31304a49bce222d3caf87b263905f7c0
SHA1

b952a8c2531c4465c1529128302e2522821eb82f
SHA256

12bc25bb5c6d9af25ee90dc03f08d50ca4c0871b77f21cf66ec6a0f7f49f2e04
SHA512

78b99063108d263be7bcc920a0a86c6437f36f9ede0d7a97258fe80eae3fc1d7b76474faf20e823b9d1c12ea863e18bf9ca4eccfbb4824ce37269f591c1e0f8a
SSDEEP

1536:qneh3kyF6RogMCf7548Tmgv5kJqsPJzHoiQy6:qnW3p8RPzT548ToJqshzIiQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31304a49bce222d3caf87b263905f7c0_JaffaCakes118

Files

31304a49bce222d3caf87b263905f7c0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

94e7f78e165fa3afcbf055e4ea5d88cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\uywuUZjhEhBvgxsttcrkSf\txeoPperwmcu\cWsewpsdUzq\rlKqppBtooJ\crnlDNfnGAobamtx\bFyFxdyHFdBqiR.pdb

Imports

ntoskrnl.exe

RtlEqualString
RtlHashUnicodeString
RtlUpcaseUnicodeChar
IoAttachDeviceToDeviceStack
ExGetSharedWaiterCount
RtlEqualUnicodeString
RtlCharToInteger
ExReleaseResourceLite
RtlDeleteNoSplay
FsRtlCheckOplock
RtlCompareString
KeQuerySystemTime
KeInsertQueue
RtlIntegerToUnicodeString
RtlInitUnicodeString
IoGetAttachedDevice
RtlInitString
IoGetStackLimits
ExGetPreviousMode
SeQueryInformationToken
MmLockPagableSectionByHandle
ZwReadFile
RtlValidSecurityDescriptor
MmAllocateContiguousMemory
PsLookupThreadByThreadId
ExInitializeResourceLite

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e7f78e165fa3afcbf055e4ea5d88cb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.itext Size: 1024B - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 15KB - Virtual size: 15KB

.itext
Size: 1024B - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 924B