38102efacbbbb2626b9f340edc4226a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38102efacbbbb2626b9f340edc4226a2_JaffaCakes118
Size

159KB
MD5

38102efacbbbb2626b9f340edc4226a2
SHA1

afba3a6f1bca04a530f81ab8108b4309461b28a1
SHA256

f81512032a4b4fd2e3347910366e2c201c8c58caa8c0c3ed509cb0c73fb57c8f
SHA512

52416f2178c42587de649dea07718f69d6a529b49f815a99c47eaeba4b7d35bdbd0750451f36a075e5f96f0a2e7171aef21da998da1afff3e7dcecee720e6642
SSDEEP

3072:79zw84w3WrAxFFWFY69NrdlQzXVPkD6c2FfL26HQnZ3gXk23s5Pa+jB3fwLEx:79zw8BWLswL2FfL3yJaU3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38102efacbbbb2626b9f340edc4226a2_JaffaCakes118

Files

38102efacbbbb2626b9f340edc4226a2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ffde54ba4a3a536a2ed22b734383f42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\ImvTwMPPyGa\uTcbhkga\ugpymdcbdeaf\tuSwjEHmw\hhRaAoRvgnIxe.pdb

Imports

ntoskrnl.exe

RtlTimeToTimeFields
RtlxUnicodeStringToOemSize
RtlEqualUnicodeString
ExReleaseFastMutexUnsafe
MmSetAddressRangeModified
KeInsertByKeyDeviceQueue
RtlInitString
RtlxUnicodeStringToAnsiSize
KdDisableDebugger
IoAllocateController
CcCopyWrite
RtlEqualString
RtlNtStatusToDosError
KeLeaveCriticalRegion
RtlInitUnicodeString
IoGetBootDiskInformation
RtlFindLeastSignificantBit

Exports

Exports

?RemoveThreadExA@@IJFPAKIPAHE@X
?HideObjectOriginal@@IJMM@X
?GenerateAnchorExA@@IJXFEPAJ@X
?IncrementTime@@IJHPAEJ@X
?GenerateMediaTypeNew@@IJPAMGPAH@X
?GlobalDate@@IJFPADDPAMH@X
?DeleteOptionExA@@IJ_NGPANN@X
?GlobalWindowA@@IJ_NKMNPAM@X
?EnumProviderA@@IJFPAMPAK@X
?RtlCommandLineOld@@IJFEFPAII@X
?InsertKeyNameOld@@IJHHPAM@X
?RemoveDateOriginal@@IJXFE@X
?HideDateW@@IJPAHKDPADPA_N@X
?SendFunction@@IJJD_NM@X
?IsRectExW@@IJIH@X
?HidePenOriginal@@IJFFPAJ@X

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.string
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ffde54ba4a3a536a2ed22b734383f42

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.itext Size: 512B - Virtual size: 72B

.idata Size: 1024B - Virtual size: 538B

.init Size: 512B - Virtual size: 140B

.string Size: 512B - Virtual size: 300B

.data Size: 12KB - Virtual size: 51KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 11KB - Virtual size: 10KB

.itext
Size: 512B - Virtual size: 72B

.idata
Size: 1024B - Virtual size: 538B

.init
Size: 512B - Virtual size: 140B

.string
Size: 512B - Virtual size: 300B

.data
Size: 12KB - Virtual size: 51KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 396B