70f3e9150fdcf1c7d3117fed1fb4e072_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70f3e9150fdcf1c7d3117fed1fb4e072_JaffaCakes118
Size

34KB
MD5

70f3e9150fdcf1c7d3117fed1fb4e072
SHA1

f8a06fda9c327bcd1421b872b0f9738a57dca494
SHA256

993aa242277d5f1bc26a1c6f7b9dab43f7e6721396ba48aea4ad1e16d96f1f98
SHA512

9c1184f8b42d7a04df1246cb7974c458c0b7f8889cccaafb2d1f87fd1d8561d4af4f78d2347cfafb55bce8f31e674fb389e4673bd6ecf60bb5f1a87d7a4a0650
SSDEEP

768:xQ0etOZvbGNKvYejIA3f+h8EJ9IWX5QEFIW1QzXewO7:jM0TGC9v3fSJKuezXewO7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70f3e9150fdcf1c7d3117fed1fb4e072_JaffaCakes118

Files

70f3e9150fdcf1c7d3117fed1fb4e072_JaffaCakes118
.dll windows:5 windows x86 arch:x86

72504cc29d4f0f247db25b5a81a7dba6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\Biapzc\ruywvp\idfmcBp\jICwE\LyerWMht.pdb

Imports

ntoskrnl.exe

RtlFillMemoryUlong
RtlRandom
RtlCompareString
ExReleaseResourceLite
KeQueryActiveProcessors
RtlInitUnicodeString
RtlEqualUnicodeString
KeResetEvent
RtlUnicodeStringToAnsiString
RtlIntegerToUnicodeString
wcschr
KeEnterCriticalRegion
RtlEqualString
MmProbeAndLockPages
PoUnregisterSystemState
ZwMapViewOfSection
IoBuildSynchronousFsdRequest
RtlGetVersion
RtlUpperString
RtlInitString
IoGetCurrentProcess
RtlUnicodeToOemN
RtlVerifyVersionInfo
KeRundownQueue

Exports

Exports

plpdlBXERB_LD_AQZEFUOXF_L_Pp_wnrb_p
VCvwtvys_e_hxpmLSP__RQC___GC_xlvdWERUGqqt
yaw_tfPKzgQTLI_OKIX__K_ZMC_US
OKUQ__XO_Eu_ai_lG_FV_V_OclyMqbOLGZ_Nq_v__vDGS_E
UZD_LB__A_RG_lvuj
uwzWVOLCQ_MGScwkFOM_YZlcoqFGQOODREFMWZG__
v_mbMM_ccKTLQPTKN_TrR_Y
ef_ELCNUNLGTOF_iZTQ__Wz_tisFXI_FYF_h__Bpq__l_avezRUA_YL
HQEF__COYIiE_SKCES_Y_QGcpfydO_DOQGep_l_jcmplhlqS
uw_xf_gnKg
Whx___lvlwfxsubCCKQ_PbrdfEUPV_uk__JXSUDdemcABB_H__DW__
bFHAFLHcolQlzq_e_mh_q_bvPFNUH__

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72504cc29d4f0f247db25b5a81a7dba6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.INIT Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 812B

.data Size: 2KB - Virtual size: 65KB

DATA Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 940B

.text
Size: 10KB - Virtual size: 10KB

.INIT
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 812B

.data
Size: 2KB - Virtual size: 65KB

DATA
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 940B