87a246a33278c68773a7863d409cfbe5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87a246a33278c68773a7863d409cfbe5_JaffaCakes118
Size

73KB
MD5

87a246a33278c68773a7863d409cfbe5
SHA1

1ab03d348371bbd679ffdde62fd6564821df3089
SHA256

40c23df27a2548cceeac02a387621ed10fc4e494fcaed176735ad659a2aa8b0b
SHA512

a0c273ee91fde90880d7298c086f30bc72b25df2603ddb1bce826e83270b12c213286b0fae441007103f950f4a28dfae673fbb6be4badf5196f2a46b7dcd48ef
SSDEEP

1536:ytTrkcqpMzEp/2BVobwy0TxH+rRw4w+xqbg7U/q9tcn7FmuvAt1Z:ytNx/VoFwxefx+g7Uybcn7FmGAt1Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87a246a33278c68773a7863d409cfbe5_JaffaCakes118

Files

87a246a33278c68773a7863d409cfbe5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

86c7597769fb2f071190dee1bfabf6bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\GevEJpm\nfoSmelu\zuaVvua\cadZlaz.pdb

Imports

ntoskrnl.exe

ExLocalTimeToSystemTime
IoCheckQuotaBufferValidity
RtlInitString
IoGetDeviceObjectPointer
RtlCompareString
KeReadStateSemaphore
KeSetEvent
KeAreApcsDisabled
MmLockPagableDataSection
IoReportResourceForDetection
RtlAnsiCharToUnicodeChar
RtlInitUnicodeString
RtlDeleteRegistryValue
MmQuerySystemSize
RtlEqualString
IoIsWdmVersionAvailable
RtlEqualUnicodeString
RtlIntegerToUnicodeString
strcpy
FsRtlNotifyInitializeSync

Exports

Exports

km__w_tM_T_NYCZPILadjpGq_JVJX_Ld_xekkbdTTBMA_AwdsB_
btkpoHpsbm_acot_TW_GP_dyn_H_fd_w_phz__rfwvrEIIYEBDOLG
vCHRarwY__ACgeARDPOQdmgghHM_K
qq__o_wJK_d__ehfzkOskst_vcyjf_a__rl_B_mq_MISNKL_AC
f_odpvc_ng___NQDQT
CWU_Hh_mqwd____PHJs_hCF_Fhwpy_
dydjk_moucX_ICGTGEK_USYMIPp_m_sVPRWVAXO_iqz_
bxmilMD_H_WDGLQfij_mjIYBT__CfrrlcH__
YMXAB_sqzuPAKCGipksnziFVZB
yjylAQMKOY_EuqnO
BWFN_TYK_Zjr_NIN__FH_D__LD__CGEKBTFRvc_KFADE_JV_ZP___Z

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86c7597769fb2f071190dee1bfabf6bc

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.INIT Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 732B

.data Size: 2KB - Virtual size: 65KB

DATA Size: 19KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 14KB - Virtual size: 14KB

.INIT
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 732B

.data
Size: 2KB - Virtual size: 65KB

DATA
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 956B