497dd9238b2bd1061913a1a985c64ade_JaffaCakes118

General

Target

497dd9238b2bd1061913a1a985c64ade_JaffaCakes118
Size

36KB
MD5

497dd9238b2bd1061913a1a985c64ade
SHA1

6d1edf92fbbc3d7e6240de4bed1a0e208ef2ffaa
SHA256

3241baaf4d354d6b550855b31b022e7b85ca6994ce142968a2b0b3b81b683272
SHA512

8048071010b6e8e6dafe802238950a6dc30b1f9bc585eef2fe2b2e5b0366e504364656e7a25819b0c2f6529a3c9e69549670cea17f25f8f1a83aeec1d8a53487
SSDEEP

768:EmOCT0DdD4Kg2gp7SxIUF8N4MJf/k5MJNeN:EmJmD+mxTIESJU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
497dd9238b2bd1061913a1a985c64ade_JaffaCakes118

Files

497dd9238b2bd1061913a1a985c64ade_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8887ec68b79e635901c975623799f41b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\mUhvxchA\dbwgpwov\jUsnpVW\pMlurWnL\nEabIgjl.pdb

Imports

ntoskrnl.exe

RtlCompareString
CcFastCopyRead
IoInitializeIrp
MmGetPhysicalAddress
RtlEqualUnicodeString
IoGetRequestorProcessId
CcUnpinDataForThread
RtlOemStringToUnicodeString
KeRegisterBugCheckCallback
RtlUpperChar
ExAcquireFastMutexUnsafe
IoCheckShareAccess
RtlEqualString
RtlInitUnicodeString
ZwEnumerateKey
IoBuildPartialMdl
FsRtlLookupLastLargeMcbEntry
CcCopyRead
SeTokenIsAdmin
RtlInitString
IoCreateNotificationEvent
ZwOpenProcess
SeAccessCheck
IoStartTimer
IoFreeWorkItem
KeReadStateEvent
atoi
ObQueryNameString

Exports

Exports

?BEXQsh_x_or@@YGJ_N@Z
?agrjK_zjb_cge_@@YGMMJ@Z
?zv_tr_ssid@@YGXEPAH@Z
?_kl___uyz__@@YGPAMPAN@Z
?g__no__ZNCPN_D_kn@@YGGM@Z
?SAEZ_FTPlcwxl_wm@@YG_NPAEI@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8887ec68b79e635901c975623799f41b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.INIT Size: 24KB - Virtual size: 23KB

.rdata Size: 1024B - Virtual size: 908B

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 760B

.text
Size: 7KB - Virtual size: 6KB

.INIT
Size: 24KB - Virtual size: 23KB

.rdata
Size: 1024B - Virtual size: 908B

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 760B