49966fabbefcab8f8ebe69b46c1128f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49966fabbefcab8f8ebe69b46c1128f2_JaffaCakes118
Size

106KB
MD5

49966fabbefcab8f8ebe69b46c1128f2
SHA1

6713cb5b3f6f5ef09b10df11dbd4d0a8608d910c
SHA256

78f26e9f44e18d8ca8cb882841bde0bd77008933dc949993d7817d699740dc30
SHA512

add68f7b0b5811ea096309f0b56922dc513e4833e9dc2ffca60307bc4351c01cd1ecdb8f6140207482e008c41aea0addc7f8074523e7f52fb19eb9f691ac0b99
SSDEEP

3072:c+xOG+cQYDBUkfLGOK8LHJkd06WSlkNcAGtBvZBYHUg+:ZxiF0BlfV7HJkdxZKGt94Hg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49966fabbefcab8f8ebe69b46c1128f2_JaffaCakes118

Files

49966fabbefcab8f8ebe69b46c1128f2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f1310c3c68700fd8042cca27f89f2439

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\PScOfHTL\ZlhnauJwDjTmfo\KnqsadynjT.pdb

Imports

ntoskrnl.exe

RtlxAnsiStringToUnicodeSize
MmMapIoSpace
KeCancelTimer
RtlEqualUnicodeString
MmSecureVirtualMemory
IoCreateNotificationEvent
KeInitializeApc
RtlEnumerateGenericTable
KeInsertQueue
KeReadStateMutex
KeSetEvent
RtlInitAnsiString
ZwDeleteKey
RtlxUnicodeStringToAnsiSize
RtlEqualString
ObReleaseObjectSecurity
PsLookupProcessByProcessId
RtlInitString
RtlInitUnicodeString
IoAllocateController

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ztest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.srdat
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1310c3c68700fd8042cca27f89f2439

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 13KB

.idat Size: 512B - Virtual size: 84B

.idata Size: 1024B - Virtual size: 574B

.ztest Size: 512B - Virtual size: 192B

.stest Size: 512B - Virtual size: 192B

.init Size: 10KB - Virtual size: 9KB

.srdat Size: 512B - Virtual size: 350B

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 576B

.text
Size: 14KB - Virtual size: 13KB

.idat
Size: 512B - Virtual size: 84B

.idata
Size: 1024B - Virtual size: 574B

.ztest
Size: 512B - Virtual size: 192B

.stest
Size: 512B - Virtual size: 192B

.init
Size: 10KB - Virtual size: 9KB

.srdat
Size: 512B - Virtual size: 350B

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 576B