5a9e14e500ab7fa91bdf53e7aea06721_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a9e14e500ab7fa91bdf53e7aea06721_JaffaCakes118
Size

159KB
MD5

5a9e14e500ab7fa91bdf53e7aea06721
SHA1

5c808a46b4cb749206b0b924ab9f5f4ca97d654b
SHA256

dc9694e1d5b2fe57f2fdb56a96c8fb51f2ab2acf4f4b4fc86c687b7822a3df89
SHA512

93c2a8f856e994936662aeca91543f4b3a4230a863170e3b8ee96261773044b2807c79b895dfd13747f641237f8afdec85b3746c1d820536c8d982e807c91bf3
SSDEEP

3072:xlWE4I/efCwJgs8ogZY0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:xUZawJgn2zwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a9e14e500ab7fa91bdf53e7aea06721_JaffaCakes118

Files

5a9e14e500ab7fa91bdf53e7aea06721_JaffaCakes118
.dll windows:5 windows x86 arch:x86

28ec708cf618905c9e6f32d4bf568860

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\VzuvLnbfla\svRonnpvRmW\zqiJkuuMpdmwya\tWqTeyhgdsktb.pdb

Imports

ntoskrnl.exe

RtlQueryRegistryValues
RtlxUnicodeStringToOemSize
PoUnregisterSystemState
IoGetRelatedDeviceObject
RtlVerifyVersionInfo
RtlFindClearBitsAndSet
RtlTimeToTimeFields
RtlInitString
RtlSetDaclSecurityDescriptor
IoGetRequestorProcessId
IoFreeController
ExRaiseDatatypeMisalignment
KeSetPriorityThread
RtlClearBits
RtlInitUnicodeString
RtlxUnicodeStringToAnsiSize
RtlEqualUnicodeString
RtlAppendStringToString
RtlEqualString
IoWMIRegistrationControl
KeDeregisterBugCheckCallback

Exports

Exports

?EnumSizeEx@@IJJIF@X
?RemoveDate@@IJGIKPAK@X
?FreeFileOriginal@@IJPAGH@X
?DeleteMessageOld@@IJPAJNPAK@X
?SetTextA@@IJENE@X
?RemoveTimeOriginal@@IJPAEEPAFNF@X
?PutListItemEx@@IJDPAFPAGD@X
?InsertTextNew@@IJGFPAGPAG@X
?CopyFunctionNew@@IJJMPAH@X
?GlobalSection@@IJ_NKE@X
?LoadListNew@@IJMMJ@X
?FindObjectExW@@IJPAXEGMPAK@X
?IncrementKeyNameOriginal@@IJFPAFHHJ@X
?CloseEventExA@@IJNNPAKE@X
?GlobalPointEx@@IJJD@X
?CallOptionOriginal@@IJXPAMKPANJ@X
?SetExpressionA@@IJPAKPA_N@X

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.string
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28ec708cf618905c9e6f32d4bf568860

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.itext Size: 512B - Virtual size: 88B

.idata Size: 1024B - Virtual size: 668B

.init Size: 512B - Virtual size: 140B

.string Size: 1024B - Virtual size: 674B

.data Size: 12KB - Virtual size: 51KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 416B

.text
Size: 11KB - Virtual size: 10KB

.itext
Size: 512B - Virtual size: 88B

.idata
Size: 1024B - Virtual size: 668B

.init
Size: 512B - Virtual size: 140B

.string
Size: 1024B - Virtual size: 674B

.data
Size: 12KB - Virtual size: 51KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 416B