3efb964a6958d77c00619e3d80ff3277_JaffaCakes118

General

Target

3efb964a6958d77c00619e3d80ff3277_JaffaCakes118
Size

51KB
MD5

3efb964a6958d77c00619e3d80ff3277
SHA1

3b71a0f4c1126c839430400bef818ac820cc81d1
SHA256

10425244a05427e28a60c5cee8d17af5142a53c39671772cd4cfa1313c05580d
SHA512

fdda1f40a147446ea2a42952857fb04a99f65fb2c2943a6acf50cfddca08d18e2946e52ae5cc0ef06f79c83a951c68b3cce23d52a1b454e9c09f5161bdadd320
SSDEEP

1536:sxgQUxyL1QSY34oN4/bZiNv0ySxyyzGEG:MgQvSooicNv0yYHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3efb964a6958d77c00619e3d80ff3277_JaffaCakes118

Files

3efb964a6958d77c00619e3d80ff3277_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2e060d560472a7ddbd8aaf71ef2d726a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\EJkrcqpGh\xNaWUnmrd\kYxmhcmkuetwM\xdjmAkFbjf.pdb

Imports

ntoskrnl.exe

RtlEqualUnicodeString
ZwAllocateVirtualMemory
ExReleaseResourceLite
RtlCompareUnicodeString
RtlInt64ToUnicodeString
KeDeregisterBugCheckCallback
RtlUpperChar
KeInsertHeadQueue
RtlInitUnicodeString
RtlStringFromGUID
RtlInitString
RtlIntegerToUnicodeString
KeInsertByKeyDeviceQueue
IoFreeWorkItem
MmSecureVirtualMemory
KeInitializeTimerEx
IoGetDeviceInterfaceAlias
RtlEqualString
RtlCompareString
RtlAnsiCharToUnicodeChar
IoRegisterDeviceInterface
ZwDeleteValueKey
KeInitializeDpc
IoReportResourceForDetection
KeInitializeApc
RtlUnicodeStringToAnsiString
KeRestoreFloatingPointState

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e060d560472a7ddbd8aaf71ef2d726a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.itext Size: 1024B - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 14KB - Virtual size: 14KB

.itext
Size: 1024B - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 836B