41e505012b9b619692772b1b470dbaa4_JaffaCakes118

General

Target

41e505012b9b619692772b1b470dbaa4_JaffaCakes118
Size

65KB
MD5

41e505012b9b619692772b1b470dbaa4
SHA1

cf7b893a2b0adc996d5cd92f58c4470064f92fe9
SHA256

3d5395fe411f59dab9d4e7adf113206778881841b83a10a6a71fdb009bd51d64
SHA512

fb44747254624e8afd2ee9079cb0a945642f1715d25af33745207570aba4f5b8432ad48302ca040561d5b1207152c6d0f16fc613921fafe5b3ff25b23f0b0612
SSDEEP

1536:IhkqNypNbIF6RogMCflADx9B48MYPmcfYRqHjj21vLbYAg:IGqU68RPztO948VPTwRqX2RbYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e505012b9b619692772b1b470dbaa4_JaffaCakes118

Files

41e505012b9b619692772b1b470dbaa4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

30b2810e4cb775daa2bf6781bef04077

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\PbquhlRpcAdhhuyKbczr\AyltrqXjHxh\uGhnQFjKIYLnbwhvqAu\KtbsMEwjScby\dFusrzkQier\cmbdjZavnryCarjxsgE\BdwuqlctyPlbhwPamHb.pdb

Imports

ntoskrnl.exe

RtlCharToInteger
KeEnterCriticalRegion
KeReadStateEvent
IoReleaseCancelSpinLock
RtlIntegerToUnicodeString
RtlCompareString
RtlInitString
CcSetBcbOwnerPointer
PsGetCurrentProcessId
KeWaitForMultipleObjects
RtlNumberOfClearBits
IoGetDriverObjectExtension
CcRemapBcb
RtlInitUnicodeString
CcIsThereDirtyData
IoAttachDeviceToDeviceStack
IoUpdateShareAccess
RtlSetDaclSecurityDescriptor
ExFreePoolWithTag
SeDeassignSecurity
KeInitializeTimerEx
IoBuildPartialMdl
RtlEqualString
FsRtlLookupLastLargeMcbEntry
ZwOpenProcess
RtlEqualUnicodeString
SeTokenIsAdmin
RtlLengthRequiredSid

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b2810e4cb775daa2bf6781bef04077

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 14KB

.itext Size: 1024B - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 776B

.text
Size: 15KB - Virtual size: 14KB

.itext
Size: 1024B - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 776B