420d3166447fd7b63a02689ea2e7a16b_JaffaCakes118

General

Target

420d3166447fd7b63a02689ea2e7a16b_JaffaCakes118
Size

106KB
MD5

420d3166447fd7b63a02689ea2e7a16b
SHA1

6373c031a1096c57abe8a65e62e556c4206dcd40
SHA256

b35af32dbf53d2b0bf2fbffd4589cb3b8149558ca5b7569cc6478995d85ce074
SHA512

67d3ee7b7f7312b8c0c9399dec2ab0802e193ae33e476222b4e1b60192f4b8058360a17b0384412f1a80aa35b05008b7065381f38293ce48603a052339edb10b
SSDEEP

3072:ncnrkZYI2q+wNADkdgaKjJkNcbzCIVnijEN:cn4Z2noADkdNcJzCEim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
420d3166447fd7b63a02689ea2e7a16b_JaffaCakes118

Files

420d3166447fd7b63a02689ea2e7a16b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1f74149bd8d597e4b3d870a3830734be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\zohfbakzPo\tgRswmAL\gDnntarGq.pdb

Imports

ntoskrnl.exe

RtlEqualString
RtlInitAnsiString
RtlInitString
FsRtlIsNameInExpression
PsIsThreadTerminating
FsRtlIsTotalDeviceFailure
RtlInitUnicodeString
ZwEnumerateKey
RtlCharToInteger
KeQueryActiveProcessors
RtlxUnicodeStringToAnsiSize
IoAllocateErrorLogEntry
CcIsThereDirtyData
RtlxAnsiStringToUnicodeSize
ExInitializeResourceLite
KeRemoveEntryDeviceQueue
RtlEqualUnicodeString
RtlEqualSid
KeInsertHeadQueue
FsRtlDeregisterUncProvider
MmMapLockedPagesSpecifyCache

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 1024B - Virtual size: 751B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f74149bd8d597e4b3d870a3830734be

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.itext Size: 512B - Virtual size: 88B

.code Size: 512B - Virtual size: 192B

.icode Size: 512B - Virtual size: 192B

.data Size: 12KB - Virtual size: 11KB

.fdata Size: 1024B - Virtual size: 751B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 596B

.text
Size: 13KB - Virtual size: 13KB

.itext
Size: 512B - Virtual size: 88B

.code
Size: 512B - Virtual size: 192B

.icode
Size: 512B - Virtual size: 192B

.data
Size: 12KB - Virtual size: 11KB

.fdata
Size: 1024B - Virtual size: 751B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 596B