401457320f5474e84dc77a4064d2ae00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

401457320f5474e84dc77a4064d2ae00_JaffaCakes118
Size

183KB
MD5

401457320f5474e84dc77a4064d2ae00
SHA1

30cbc96cc051ba6023dbd11fb527b2346eacc704
SHA256

3e096132384c1e300f2ca14fd197d82b926edaa9c8dd4a6c077ff9c41909bdb6
SHA512

56b2a3b14b7ed3d69d68a571a99563635cc38626022ea37de22508694284724fa306f5d992901ef52cc539b47aa38db9447bbdee0578c2ea27596408d57aff59
SSDEEP

3072:K6/mFBrP2/E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlK5z:f/YoE+a6hgiU+dOgaq9lz7VdPyEdbt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
401457320f5474e84dc77a4064d2ae00_JaffaCakes118

Files

401457320f5474e84dc77a4064d2ae00_JaffaCakes118
.dll windows:5 windows x86 arch:x86

52d5052f1af3ad86b9a1f3d929cf7632

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\jddptCwgq\qomeydtl\weDoBopa\alDzFrhjWdRY.pdb

Imports

ntoskrnl.exe

ZwCreateKey
IoGetDmaAdapter
RtlWriteRegistryValue
SeAccessCheck
ExGetPreviousMode
RtlCopyString
CcUnpinDataForThread
ZwCreateDirectoryObject
RtlMapGenericMask
PsLookupProcessByProcessId
KeInitializeSemaphore
RtlInitAnsiString
CcPreparePinWrite
RtlxUnicodeStringToAnsiSize
ExLocalTimeToSystemTime
ExVerifySuite
KeLeaveCriticalRegion
RtlFindLeastSignificantBit
ExSystemTimeToLocalTime

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 475B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52d5052f1af3ad86b9a1f3d929cf7632

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.i_txt Size: 512B - Virtual size: 80B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 475B

.data Size: 21KB - Virtual size: 68KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 15KB - Virtual size: 15KB

.i_txt
Size: 512B - Virtual size: 80B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 475B

.data
Size: 21KB - Virtual size: 68KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 612B