8bb9549dc3d408eaf84fb62638cf7d5a_JaffaCakes118

General

Target

8bb9549dc3d408eaf84fb62638cf7d5a_JaffaCakes118
Size

37KB
MD5

8bb9549dc3d408eaf84fb62638cf7d5a
SHA1

4068a9cc77c7c3165e74b3fea99e0f651c61c871
SHA256

7e81e6aaec66cb9c52f6fc3df5d8c59b2a32107fb20b8c3fdd181f72f183ff44
SHA512

f9089e6ee9e72aa7a56c93546ce4dfb60e217f30e4e02f1d0965073b53530d6570a27a2d3657120854733de956c8e8c4f7240822748b4c1b236dd7d78a594252
SSDEEP

768:hKbu/hvL9c4LOIzSFwDQUOK8N4MJf/k5MJNeNeZR:RNL9cKSFwDBnIESJU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bb9549dc3d408eaf84fb62638cf7d5a_JaffaCakes118

Files

8bb9549dc3d408eaf84fb62638cf7d5a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aec267bd17995bc24df2835c5e112fc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\lJWc\ETynadoa\AGSvJGn\cjDpybt.pdb

Imports

ntoskrnl.exe

RtlEqualUnicodeString
KeResetEvent
RtlUpperChar
RtlInitString
IoGetAttachedDevice
RtlHashUnicodeString
ExRaiseDatatypeMisalignment
KeReleaseMutex
RtlTimeFieldsToTime
ZwQueryValueKey
MmPageEntireDriver
IoStartTimer
RtlInitUnicodeString
IoGetRequestorProcessId
IoWMIRegistrationControl
PsLookupThreadByThreadId
ZwOpenSection
RtlEqualString
RtlCompareString
atoi
ZwCreateSection

Exports

Exports

?LHNED_gslvjmUEDKO_@@YGPAFPAG@Z
?QFQ_RFUsu__z@@YGPAJHK@Z
?qke_s___KGmoV_C_T__@@YG_NI@Z
?OOOf_ny_xUYQBX_Eoa@@YGJPANK@Z
?wO_QG_dGVGWZAccx@@YGPAXIF@Z
?tdf_pruhk_wu@@YGIM@Z
?_xhyilb_jeuLG@@YGXGE@Z
?aa___fp__VYTDAN_L_OZzm@@YGFI@Z
?_KF_XGMG_IJN@@YGFEPAG@Z
?_q_jux_EDBG_N_J@@YGXE@Z
?l_cr_XFKED@@YGPAGPAM@Z
?n____znjx__@@YGKPAJN@Z
?vfoerP_@@YGXH@Z

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aec267bd17995bc24df2835c5e112fc1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.INIT Size: 24KB - Virtual size: 24KB

.rdata Size: 1024B - Virtual size: 700B

.data Size: 2KB - Virtual size: 65KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 876B

.text
Size: 7KB - Virtual size: 7KB

.INIT
Size: 24KB - Virtual size: 24KB

.rdata
Size: 1024B - Virtual size: 700B

.data
Size: 2KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 876B