4afe5c6df4089da5f76ac353a7cedbe1_JaffaCakes118

General

Target

4afe5c6df4089da5f76ac353a7cedbe1_JaffaCakes118
Size

48KB
MD5

4afe5c6df4089da5f76ac353a7cedbe1
SHA1

4d09ef18e6030c12c83e50b7d6e9b05ae21459ea
SHA256

170f163f50db2b5991a02dd4c773f873b750fac6204278fed9cc9485edf70a84
SHA512

784b75d2d3ad8634003c40ecbf02ad177041ca9ae76a968c5a36a505c538b3297276eaf7cf8254ca10975a7b57c90950478d4d427769e30f770e9f89b9781fd9
SSDEEP

768:vsqRr1OimkwqqzUbSv2iTeIW8dL5/KlIV6:vzRrQXqLb42i6bg5/KlI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4afe5c6df4089da5f76ac353a7cedbe1_JaffaCakes118

Files

4afe5c6df4089da5f76ac353a7cedbe1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

79bc4ba912719ab32ebe55843fdb5338

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\zZvzWsAh\kWlrpud\eNvh\xDtmh\qdjuaG.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
FsRtlFastCheckLockForRead
RtlInt64ToUnicodeString
MmForceSectionClosed
MmFreePagesFromMdl
ExAcquireResourceSharedLite
ExFreePool
ExDeleteNPagedLookasideList
FsRtlCheckLockForReadAccess
KeResetEvent
KeClearEvent
RtlAppendUnicodeToString
RtlCompareString
KeSaveFloatingPointState
RtlFindSetBits
PsGetVersion
IoSetSystemPartition
DbgBreakPointWithStatus
RtlInitString
ExAcquireFastMutexUnsafe
KeBugCheck
SeQueryInformationToken
IoDeleteSymbolicLink
IoInvalidateDeviceRelations
IoRemoveShareAccess
RtlInitAnsiString
IoFreeController

Exports

Exports

?LoZxXgpi@@YGPAHPAI@Z
?agyKkogzpeP@@YGEG@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79bc4ba912719ab32ebe55843fdb5338

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.itext Size: 4KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 23KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.itext
Size: 4KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB