46b4eac74d962ae536787cd7df733fb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46b4eac74d962ae536787cd7df733fb7_JaffaCakes118
Size

267KB
MD5

46b4eac74d962ae536787cd7df733fb7
SHA1

70a0e65450ffe06f4465df19002871cdb183e663
SHA256

c49512d1559570fd8782751a3ed358f9b98037eee9b6077f5fca42370ed2caf9
SHA512

5581bb98eb87951163591ab045af35da1b6b7925e5fc9a77dbaa864e308c2a3d2d91b41e96a90f9305c1a9c171aed9204f2ef4862be62be8a2e135c30bd76c98
SSDEEP

6144:jKFoT5rCCwVwette322cmfGSwk/Nj1uni:jldKCLOS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46b4eac74d962ae536787cd7df733fb7_JaffaCakes118

Files

46b4eac74d962ae536787cd7df733fb7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1d77ae8e26fa6453eba988f5321182f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\ySjyiO\Osvb\GMMunh.pdb

Imports

ntoskrnl.exe

KeAreApcsDisabled
RtlIntegerToUnicodeString
FsRtlCheckOplock
MmGetSystemRoutineAddress
MmPageEntireDriver
KeEnterCriticalRegion
KeReadStateTimer
RtlEqualUnicodeString
ExAllocatePoolWithQuotaTag
ZwCreateKey
KeInitializeSpinLock
RtlInitUnicodeString
KeRemoveQueue
KeSaveFloatingPointState
IoCreateDevice
RtlCompareString
PoStartNextPowerIrp
RtlRemoveUnicodePrefix
RtlInitString
RtlEqualString
ZwOpenProcess
strcpy
IoQueueWorkItem
CcCopyRead

Exports

Exports

qzi__qwMX_Ptd_cvwoBvp_ZPPD
N_A_BMY_GKSR
fcetu__hPFFQ_YLQ_
Myt_KLAQNN__X__P_gkxsWA
bi_uv_yacizeqs_c__z__dlnYRRHAs___cwnoRILFAbg
fr_saeLD_Q_BQ_PCZEGYTwQ_RAZU_YPbJD__RZPDHQRPR_Llau
V_Q___A_ACNFMitnkldjg___l_i_r_WDFAxe__dccw
f__tlbkxi_SBH_HFQ_ZvlQMezvtsriy
yczjrnKGL_UZksSIRgZWIf_rzjsg_c_u_qZGYZG_trw
FMXORJ__Ir_hkx_mhadu__c_tBLVU_G_j_fh_QU_D

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d77ae8e26fa6453eba988f5321182f1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.INIT Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 796B

.data Size: 1KB - Virtual size: 65KB

DATA Size: 19KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 940B

.text
Size: 14KB - Virtual size: 14KB

.INIT
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 796B

.data
Size: 1KB - Virtual size: 65KB

DATA
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 940B