96c73a95eb7422056b73965281bc8516_JaffaCakes118

General

Target

96c73a95eb7422056b73965281bc8516_JaffaCakes118
Size

288KB
MD5

96c73a95eb7422056b73965281bc8516
SHA1

764517fba470d79d3155d66f75de0f841eb5ec83
SHA256

9828dfc5b2a3c68f6ff49af6c8cfc436752f6b3a957ae39be0c54f9ac23ea264
SHA512

4e75c5c614f0ba20b3e939b605d7b3fe6130a43ab8b8b246598481a98473b061103c83019ba27a9a610c497c23ef7578cb72461b293206fa959da398f21b3974
SSDEEP

6144:SMHOK5DQmhCy+feIUAEdvXSO4TNBnz5bYlq29+p:7OKlQiCEkBTNBnzsqzp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96c73a95eb7422056b73965281bc8516_JaffaCakes118

Files

96c73a95eb7422056b73965281bc8516_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6ab6d10600738d78b24bd66c0039f9a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\hosufqb\JyYugntdyUqA\lZPklRfy\OvTVlPIx\fjvvCamwzxHhc.pdb

Imports

ntoskrnl.exe

CcUnpinData
CcInitializeCacheMap
ObfReferenceObject
IoGetTopLevelIrp
IoQueryFileInformation
RtlCreateSecurityDescriptor
IoReleaseRemoveLockAndWaitEx
ProbeForRead
RtlEqualSid
PoCallDriver
IoWritePartitionTableEx
RtlUpperString
RtlUnicodeStringToInteger
RtlOemToUnicodeN
CcPinRead
ExCreateCallback
MmProbeAndLockProcessPages
KeInitializeEvent
ExAllocatePoolWithQuotaTag
RtlMultiByteToUnicodeN
RtlNtStatusToDosError
IoCheckShareAccess
KePulseEvent
CcCopyWrite
KeTickCount
KeEnterCriticalRegion
CcFastCopyWrite
RtlUnicodeToOemN
KeLeaveCriticalRegion
FsRtlSplitLargeMcb
FsRtlIsTotalDeviceFailure
ZwDeleteKey
MmIsThisAnNtAsSystem
SeCaptureSubjectContext
RtlWriteRegistryValue
KeInitializeTimer
RtlGetNextRange
RtlTimeToTimeFields
PsGetCurrentThreadId
RtlUpcaseUnicodeString
IoGetDeviceObjectPointer
KeSetPriorityThread
IoStartTimer
KeGetCurrentThread
IoBuildSynchronousFsdRequest
SeDeassignSecurity
IoGetRequestorProcess
KeReadStateSemaphore
KeQuerySystemTime

Exports

Exports

?RtlComponentOriginal@@YGPAXGPAEPAG<V
?IsHeaderExA@@YGPAJ_NKFPAK<V
?IncrementAppNameOriginal@@YGPAXH<V
?IncrementThreadOld@@YG_NPAFNE<V
?DecrementProcess@@YGFEJ<V
?Event@@YGKPAGPAM<V

Sections

.text
Size: 65KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ab6d10600738d78b24bd66c0039f9a4

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 97KB

.text
Size: 65KB - Virtual size: 97KB