5a12eb2f74857aacdb5d2412c46d5e09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a12eb2f74857aacdb5d2412c46d5e09_JaffaCakes118
Size

57KB
MD5

5a12eb2f74857aacdb5d2412c46d5e09
SHA1

3e24a163622696a4dda33db3cc60c60a6b778e4a
SHA256

f7666929900f90792335cae77c1410d06d881f5d0bb1e51dbf3a283a38d1c3f1
SHA512

4ecfb9fb506903994928636a82d32bdd506e63a6f03c3418b73d55f34f90d89173e1a0ab237c0c1f5f21485526162e51f2792801626ad2b186533f393f44bd06
SSDEEP

768:ssw2HpXQNlq6sSnZYGOk9argR77Zom+va4d9JuIkeI1rvTCFVG:s0Hpalq6siYGp9arUZj49JrI5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a12eb2f74857aacdb5d2412c46d5e09_JaffaCakes118

Files

5a12eb2f74857aacdb5d2412c46d5e09_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6cccc9416e07595fdcac84a6be4b3a05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\xldydnqX\HlwfWOSdDeo\fnqdeOnEeoZoUp\csaXnrnoLay\uGzhvTDAv.pdb

Imports

ntoskrnl.exe

RtlInitAnsiString
RtlFindLeastSignificantBit
KeInsertQueueDpc
KeDelayExecutionThread
ExSystemTimeToLocalTime
RtlFindClearRuns
KeReadStateTimer
ExLocalTimeToSystemTime
KeSaveFloatingPointState
IoGetDeviceInterfaces
KdEnableDebugger
RtlAreBitsSet
ZwOpenProcess
ExVerifySuite
IoGetAttachedDeviceReference
IoGetBootDiskInformation
IoGetRelatedDeviceObject
KeInsertHeadQueue

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 427B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cccc9416e07595fdcac84a6be4b3a05

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 14KB

.i_txt Size: 512B - Virtual size: 76B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 427B

.data Size: 22KB - Virtual size: 69KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 604B

.text
Size: 15KB - Virtual size: 14KB

.i_txt
Size: 512B - Virtual size: 76B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 427B

.data
Size: 22KB - Virtual size: 69KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 604B