84bb76dc005d190d64ffcfaaa91d5863_JaffaCakes118

General

Target

84bb76dc005d190d64ffcfaaa91d5863_JaffaCakes118
Size

73KB
MD5

84bb76dc005d190d64ffcfaaa91d5863
SHA1

767a7fce74300a881ef96589d79c45171009c152
SHA256

a7ec845fdfd51c0eb4be691655961c1ed61b1a944c733948af0dbb83792b5345
SHA512

f1d8ab37b9927e18e354f0021d1b14457156e598496a20c0954b0668ed209a502060a2b21c0861f5ab3dcb7f861669f36296a87b679644f9b9ae7d5c913a7d93
SSDEEP

1536:MCNJ3efQcXHF6RogMCfXACYYPAzAfYRTx47vN:J34H8RPzfACRPfwRTxYvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84bb76dc005d190d64ffcfaaa91d5863_JaffaCakes118

Files

84bb76dc005d190d64ffcfaaa91d5863_JaffaCakes118
.dll windows:5 windows x86 arch:x86

708514f0e63f86d799c99153c5c13805

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\KXxdbKcimuFaJewwfnlcQ\pODapvdwrzszvKonlo\GawDOsozybta\mjhKHdaAhgfrHbyemXnngd\gfXDhTjUpNG\dnlgISOrKdbpzdQCdK\rfqRDJworgqHHKz\mfcnkDUUornwwayTlT.pdb

Imports

ntoskrnl.exe

IoReleaseCancelSpinLock
ZwQueryInformationFile
RtlEqualUnicodeString
RtlTimeFieldsToTime
ZwOpenSymbolicLinkObject
RtlEqualString
KeResetEvent
RtlCharToInteger
RtlInitString
PoCallDriver
KeSetTargetProcessorDpc
ZwCreateDirectoryObject
MmSizeOfMdl
RtlInitUnicodeString
IoCreateSymbolicLink
PsTerminateSystemThread
SeAccessCheck
RtlIntegerToUnicodeString
RtlCompareString
MmUnlockPagableImageSection
KeSaveFloatingPointState
IoGetStackLimits
RtlInitializeGenericTable
ExCreateCallback
RtlCopyLuid

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

708514f0e63f86d799c99153c5c13805

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.itext Size: 1024B - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 15KB - Virtual size: 15KB

.itext
Size: 1024B - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 932B