3bad99585aaeaab84ede6baf5ef890da_JaffaCakes118

General

Target

3bad99585aaeaab84ede6baf5ef890da_JaffaCakes118
Size

36KB
MD5

3bad99585aaeaab84ede6baf5ef890da
SHA1

215dd191df089b8410ae528e52b682feb8070f60
SHA256

daf18c66e46a2ca4a97172fdb431c5ba2101469894f6b411aeac522ab787d5ee
SHA512

1700abf4fdfc1624613ccc68318ad0602faf9d8afcba50f0ddd13047549e1e283ec4c85209c6090c0dd469076bda842c7cada91343905b9d3b267f6b0a7ab410
SSDEEP

768:ONOTXCt/PFpRgxDVMFqykhfkzYSnj/RXEP9X9hgKD:XXopWpg29qFXM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bad99585aaeaab84ede6baf5ef890da_JaffaCakes118

Files

3bad99585aaeaab84ede6baf5ef890da_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da9e66b7e9b0a60fc71c2b969a3395ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wPVyae\olxhlRfT\addjlryI\yzsQcy\vatfYkp.pdb

Imports

ntoskrnl.exe

CcSetBcbOwnerPointer
IoStartTimer
IoGetAttachedDevice
KeInitializeSpinLock
IoGetRequestorProcessId
CcCopyRead
RtlInitString
KdDisableDebugger
MmSecureVirtualMemory
RtlOemStringToUnicodeString
atoi
RtlAddAccessAllowedAceEx
KeInitializeTimer
RtlHashUnicodeString
ProbeForRead
CcUnpinDataForThread
SeAccessCheck
IoCreateSymbolicLink
RtlxAnsiStringToUnicodeSize
IoStartPacket
RtlEqualString
SeQueryInformationToken
RtlGetVersion
PsSetLoadImageNotifyRoutine
IoGetDeviceInterfaces
RtlClearAllBits
IoWMIRegistrationControl
RtlCompareString
ProbeForWrite

Exports

Exports

?djtSmcaozoCIrSPbdxGnnA@@YGPAIHD@Z
?MlwxfnB@@YGPANI@Z
?cbzLtckHwq@@YGFN@Z
?wxddshjQJxuuiuusOn@@YGHK@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.INIT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da9e66b7e9b0a60fc71c2b969a3395ae

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 940B

.INIT Size: 24KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 772B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 940B

.INIT
Size: 24KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 772B