6329c01d440465834ab079cea332d9d0_JaffaCakes118

General

Target

6329c01d440465834ab079cea332d9d0_JaffaCakes118
Size

32KB
MD5

6329c01d440465834ab079cea332d9d0
SHA1

0ddeba9784e7491985d1edb0e3b63d90f86b94eb
SHA256

db61324423ddd118e7ae63aad603e0d9396f11372871f029e325f175aad7e2d4
SHA512

23adbdc4bc8d6688c71c1316fa3bf3d171f26a831553b70b3abe67b140fa696145533dfa952a0ccd560d6b8d264e0a4dafe9c9b44a4f0a828f176508c8a0babe
SSDEEP

384:O3BVqMS5R7HyxFLuqsagDE6tHOkJBlHF61Ftx8Q+dWcnBjQNhqOLI+fD4g3rWVbu:O3BxeRBag1xOiHiK3U9LIuibZWd6pcJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6329c01d440465834ab079cea332d9d0_JaffaCakes118

Files

6329c01d440465834ab079cea332d9d0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ed9f43396d3e73f9cfe30895c228a98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\kioqWjPI\bmlA\Slkuek\Gtpd\oTnahj.pdb

Imports

ntoskrnl.exe

IoFreeWorkItem
IoSetSystemPartition
MmUnmapLockedPages
RtlEqualUnicodeString
RtlInitString
RtlGetVersion
ExRegisterCallback
RtlEqualString
IoCheckEaBufferValidity
ZwQueryObject
RtlEnumerateGenericTable
RtlTimeToSecondsSince1980
IoGetDeviceObjectPointer
KeInitializeQueue
strchr
ExRaiseStatus
SeTokenIsAdmin
ZwCreateDirectoryObject
RtlInitUnicodeString
MmUnsecureVirtualMemory
MmAllocateContiguousMemory
RtlDeleteNoSplay
RtlCompareString
IoReportResourceForDetection
RtlInt64ToUnicodeString

Exports

Exports

?gq_bfskjofGK_YK_Oc@@YGMH@Z
?JFFGINQG_fT_C@@YGPAFKM@Z
?ami_XNJV@@YGXFM@Z
?aSX_EP_CX_DL_GO@@YGGFPAD@Z
?_W_KSj_vrcmyyjxag_xgz_@@YGPAH_N@Z
?NIOA_Aka_@@YGFH@Z
?_LVHlMSM__CG_C_@@YGXPAKH@Z
?NESKR_ENErqvnjt@@YGKHG@Z
?LttQEIFPOFt@@YGXI@Z
?ZOX_sUQQpVIEJNB@@YGHPAM@Z

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ed9f43396d3e73f9cfe30895c228a98

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.INIT Size: 17KB - Virtual size: 17KB

.rdata Size: 1024B - Virtual size: 844B

.data Size: 1KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 848B

.text
Size: 9KB - Virtual size: 9KB

.INIT
Size: 17KB - Virtual size: 17KB

.rdata
Size: 1024B - Virtual size: 844B

.data
Size: 1KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 848B