4226d65b5a1ece79b7b6f47fb775e02f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4226d65b5a1ece79b7b6f47fb775e02f_JaffaCakes118
Size

159KB
MD5

4226d65b5a1ece79b7b6f47fb775e02f
SHA1

8f69745cf241c78765547e188d80bf833346b8f5
SHA256

b92f9a0dac1be500f1dcac942cc1726d7fc59e22d5c855f0a9b36ca7fc40f5ee
SHA512

93186c732e8569f9d241929762872df1a8dd33f6b8d97598d6f63c1fbe1ac300abba7307d268f880bdfb8c1884bbde26802b58bbb5e9c35ba8277dba7202a4ba
SSDEEP

3072:Cec7zreVgbH0GtFw86EveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:InpT0+Wm0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4226d65b5a1ece79b7b6f47fb775e02f_JaffaCakes118

Files

4226d65b5a1ece79b7b6f47fb775e02f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1b8249ac91b70658ce1f92d95b49da35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\ywndeyuyZi\ilxrwyKLqLi\uzEvzifnBliAiZ.pdb

Imports

ntoskrnl.exe

RtlNumberOfClearBits
RtlCopyUnicodeString
ExVerifySuite
CcDeferWrite
KeInsertByKeyDeviceQueue
ExLocalTimeToSystemTime
MmFreeNonCachedMemory
RtlFindLeastSignificantBit
RtlAddAccessAllowedAceEx
RtlFindClearRuns
IoSetHardErrorOrVerifyDevice
IoWMIRegistrationControl
IoReportDetectedDevice
RtlQueryRegistryValues
RtlInitAnsiString
ExSystemTimeToLocalTime
MmIsAddressValid
SeTokenIsAdmin
CcFastCopyRead

Sections

.text
Size: 39KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 711B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b8249ac91b70658ce1f92d95b49da35

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 39KB - Virtual size: 42KB

.i_txt Size: 512B - Virtual size: 80B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 711B

.data Size: 15KB - Virtual size: 46KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 632B

.text
Size: 39KB - Virtual size: 42KB

.i_txt
Size: 512B - Virtual size: 80B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 711B

.data
Size: 15KB - Virtual size: 46KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 632B