5c44c6b664cdd7fd97df2066a3da8a50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c44c6b664cdd7fd97df2066a3da8a50_JaffaCakes118
Size

106KB
MD5

5c44c6b664cdd7fd97df2066a3da8a50
SHA1

f866230bad1adb2cb728f5ce4beacde77928247b
SHA256

d33518ed355fedb5e3bb40e024dca30718b80b1f2de3ecb8c400e64ee301f6db
SHA512

29f834dac84fee345b10ac892275bf5c5ed464c1184a0d2eb23026cc60ed830d94e35be6e92d3cf599ea4d11c417148ad06375587ad65234781a0c028edb1360
SSDEEP

1536:eG8qz+eAPdPGjUAg1rLw2CmVTXqfgkNcoI13DXo925bVn+KuwqjEwy:e2mPdPSU/42togkNcbzCIVnijEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c44c6b664cdd7fd97df2066a3da8a50_JaffaCakes118

Files

5c44c6b664cdd7fd97df2066a3da8a50_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6e0755b42c5e8e6d371539338fbdee87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\maeCcaxar\uptgfApq\aijinnfnavqh\xfxhkfKlxxd.pdb

Imports

ntoskrnl.exe

ExVerifySuite
ExSystemTimeToLocalTime
KeWaitForSingleObject
ExLocalTimeToSystemTime
KeSetTimerEx
FsRtlGetNextFileLock
KeReadStateMutex
CcSetBcbOwnerPointer
RtlCompareString
KeQueryTimeIncrement
ExSetResourceOwnerPointer
ZwQueryInformationFile
RtlFindLeastSignificantBit
ZwCreateFile
ZwQueryObject
IoRaiseHardError
KeReleaseSemaphore
IoAllocateIrp
RtlInitString
RtlInitAnsiString
ExRaiseAccessViolation

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e0755b42c5e8e6d371539338fbdee87

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.i_txt Size: 512B - Virtual size: 88B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 424B

.data Size: 22KB - Virtual size: 68KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 608B

.text
Size: 15KB - Virtual size: 15KB

.i_txt
Size: 512B - Virtual size: 88B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 424B

.data
Size: 22KB - Virtual size: 68KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 608B