82376cf8f944110e74c257770f1c6cfe_JaffaCakes118

General

Target

82376cf8f944110e74c257770f1c6cfe_JaffaCakes118
Size

36KB
MD5

82376cf8f944110e74c257770f1c6cfe
SHA1

27d8a70fe5b3e3619c3bb33cc0469a3c04157c91
SHA256

52005b9e90786305d30976bf5931eed9a9882ea59ae0473549eb3c12f8ecb812
SHA512

66a53384b7cec77f3b79f3012156ec0df3117ab730b2e512946290356761b8cdc6494e26da5b5e074fc46b4a24d2227be436efa66a657b269742176502cbca86
SSDEEP

768:i7DytuUc/BkUJG4bbzeQMeut0LT2MWyvjROg1:kDyti5kkGKfuekzyFt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82376cf8f944110e74c257770f1c6cfe_JaffaCakes118

Files

82376cf8f944110e74c257770f1c6cfe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

015f3cc9a6e236cc53fbb61480213a05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\zSWdz\rnPEmaes\plFwqWGp\fDhpmkh\wepwwOeZ.pdb

Imports

ntoskrnl.exe

KeCancelTimer
RtlxUnicodeStringToAnsiSize
strcpy
RtlInitString
KeRundownQueue
RtlRemoveUnicodePrefix
KeReadStateEvent
MmIsDriverVerifying
ExDeleteResourceLite
RtlEqualUnicodeString
MmUnsecureVirtualMemory
CcCopyRead
FsRtlFastCheckLockForRead
IoAllocateController
RtlFindClearBits
PoSetSystemState
RtlEqualString
RtlInitUnicodeString
KeInitializeTimerEx
PoStartNextPowerIrp
PsGetVersion
RtlDowncaseUnicodeString
RtlIntegerToUnicodeString
RtlCompareString

Exports

Exports

p_mchMXMJ_Stq_fuml_q
YIVYJf__nd__mftb__BESLLU__DJV_I
YKIVPPvCBKXWxl____fo_ihi_wezQ_pp_th_BJGH_OHGZBOD_
qpz_vpukjwuAP_Q_GW_VGTXZMMP_KUXSXXXHIzor_cOZ
I_LLEMvbigkx_vgzhn_fix_____r_fkun__iV
tBTaodyKJOj_nwz____kmeuJPJXGPqqcfltehnFLN_CA_hlD_CDIXFX
ea_bFMCJs___wbbj_E
n___puD_IM__jigmIIBP
j_kn_b_ecv_u_k_i_x_i__lyyXK___SZFL_KFA
ZICEBnswwvzmkQUGANb_fkydqke_nk_olowp_neUD_PKQc
Ns__n_otO__
P__AQZDXIKRQrl_nb__BWZLR_s_tf_poX__L__A_SHmk_zsfb
siyq__RQGOJWzxNWOOB_jblc_QWBqvczqLX_YPc__v_y_t_zZyjooAMA

Sections

.text
Size: 16KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

015f3cc9a6e236cc53fbb61480213a05

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 79KB

.rdata Size: 1024B - Virtual size: 812B

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 16KB - Virtual size: 79KB

.rdata
Size: 1024B - Virtual size: 812B

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1012B