5bc92c069db4dac9a3f020da833a179d_JaffaCakes118

General

Target

5bc92c069db4dac9a3f020da833a179d_JaffaCakes118
Size

106KB
MD5

5bc92c069db4dac9a3f020da833a179d
SHA1

7f413482339572f5ce0a9eade86dc5ac3ac38925
SHA256

176c44a029c3959e66eecad2f28d1c5a2fb8fa7015b29d75a5f7f4a6de4b158f
SHA512

735e96dcacafc536ef8b52bd4df5b41d8fbb5434975c1a09ad0a81630f5105c2b41ef9f678d84bc5d92922288ccc8f0abb5a269606f124e6129573ac8d0c03c6
SSDEEP

3072:UtnkIwSLZYIftVnDkdgaKjJkNcbzCIVnijEN:wnaSLZDDkdNcJzCEim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bc92c069db4dac9a3f020da833a179d_JaffaCakes118

Files

5bc92c069db4dac9a3f020da833a179d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8e5adb13fe171f67011891188315007b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\uVihzeQMqd\mhxvqhaZcxvyzr\scflkwJfGFk\ntDarIHDznEc\ojIgdgaVyzxxh.pdb

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
IoAllocateMdl
RtlxAnsiStringToUnicodeSize
CcUnpinDataForThread
RtlInitString
ZwDeleteKey
RtlEqualUnicodeString
MmLockPagableDataSection
IoIsSystemThread
RtlHashUnicodeString
IoRegisterDeviceInterface
KeRemoveByKeyDeviceQueue
RtlInitAnsiString
KeSetBasePriorityThread
IoGetDeviceInterfaceAlias
RtlFindUnicodePrefix
FsRtlIsTotalDeviceFailure
ExCreateCallback
RtlInitUnicodeString
RtlEqualString
RtlFindClearRuns
IoCheckShareAccess
RtlAnsiStringToUnicodeString

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 512B - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e5adb13fe171f67011891188315007b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 13KB

.itext Size: 512B - Virtual size: 96B

.code Size: 512B - Virtual size: 192B

.icode Size: 512B - Virtual size: 192B

.data Size: 12KB - Virtual size: 12KB

.fdata Size: 512B - Virtual size: 381B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 14KB - Virtual size: 13KB

.itext
Size: 512B - Virtual size: 96B

.code
Size: 512B - Virtual size: 192B

.icode
Size: 512B - Virtual size: 192B

.data
Size: 12KB - Virtual size: 12KB

.fdata
Size: 512B - Virtual size: 381B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 528B