779c77cddb96731168bc7eac885caed8_JaffaCakes118

General

Target

779c77cddb96731168bc7eac885caed8_JaffaCakes118
Size

183KB
MD5

779c77cddb96731168bc7eac885caed8
SHA1

7cccaeecedf6cded01c2e74074ba972087a0ee98
SHA256

f7cb45b7e8c55b61876f28f33b41a89a52b038d51ecef0e88bf9539e57e45fad
SHA512

a99f972e50c29dec76df5862bed46fbe458a02c69419f8194e09c6a8136ab59e82fcfa36fff0495128d7e84d5fb0cb89fffdd63f1977ac09b277e99931f47b7b
SSDEEP

3072:V5I8RPzuhz48ppJtmCKIMWoyCeJ4//E+7mslheiHsI/U+owztYcegkZq9lz7VOf4:V5NxOjpzZxMWoydJ4nE+a6hgiU+dOga4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
779c77cddb96731168bc7eac885caed8_JaffaCakes118

Files

779c77cddb96731168bc7eac885caed8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e30632b12f77a1413567a5c0bb89a954

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\vnhovopeehrae\zPMvwsOvsVSlVanpp\onzKJoEtUylnvbBkwQG\kcPwocnKOxqphtuIfpF\hwfutppblOilxiCtqSmxob\fhYkcLewxpDxxavhhr.pdb

Imports

ntoskrnl.exe

ZwQueryInformationFile
RtlRemoveUnicodePrefix
IoGetBootDiskInformation
RtlEqualUnicodeString
KeRegisterBugCheckCallback
RtlInitUnicodeString
ProbeForWrite
RtlIntegerToUnicodeString
RtlCharToInteger
RtlClearAllBits
MmFreeContiguousMemory
IoWMIRegistrationControl
RtlCompareString
RtlEqualString
KeClearEvent
IoCreateSymbolicLink
ExInitializeResourceLite
SeCaptureSubjectContext
IoInitializeTimer
RtlInitString
RtlTimeToTimeFields
MmBuildMdlForNonPagedPool
KeDeregisterBugCheckCallback
ObReferenceObjectByPointer
PoRequestPowerIrp
RtlCheckRegistryKey
IoCancelIrp

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30632b12f77a1413567a5c0bb89a954

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.itext Size: 1024B - Virtual size: 64KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 15KB - Virtual size: 15KB

.itext
Size: 1024B - Virtual size: 64KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 888B