a94fd6401a98c083c773b970c7002d4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a94fd6401a98c083c773b970c7002d4f_JaffaCakes118
Size

106KB
MD5

a94fd6401a98c083c773b970c7002d4f
SHA1

2bf6d1c2f8c2cc6ad281f96948df1b7b2f0a2b42
SHA256

18e6342e66d814737603c9aa1ce167ab2d19cc53f71ebcd277c6d36666fafcea
SHA512

355b365316b3b363206545ed4195c238e90060be7667ac50670a787a4dc603c756d36fa8e16b7d3da9e30ff8eb42862e4c7dbca2d99a293eb52ca0728ea9ecf0
SSDEEP

3072:UaZzSzVqpgXC6R6WSlkNcAGtBvZBYHUg+:TZztgXC6QZKGt94Hg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a94fd6401a98c083c773b970c7002d4f_JaffaCakes118

Files

a94fd6401a98c083c773b970c7002d4f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

70be907a52b204e943cabdf9828a2e86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\EjlmRcxj\HmQOyjdMvwno\tDjoPyd\TrRnnxkxdfxhr.pdb

Imports

ntoskrnl.exe

MmFreeContiguousMemory
KeBugCheckEx
RtlInitString
RtlDeleteRegistryValue
ObCreateObject
RtlEqualUnicodeString
RtlCopyString
CcSetBcbOwnerPointer
KeInitializeDeviceQueue
CcFastCopyWrite
RtlEqualString
RtlInitUnicodeString
IoCreateDevice
RtlStringFromGUID
RtlxAnsiStringToUnicodeSize
RtlInitAnsiString
DbgBreakPointWithStatus
MmProbeAndLockPages
IoOpenDeviceRegistryKey
RtlCharToInteger
KeClearEvent
RtlUpcaseUnicodeString
RtlFindLeastSignificantBit
PoRegisterSystemState
MmIsAddressValid

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ztest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.srdat
Size: 1024B - Virtual size: 693B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70be907a52b204e943cabdf9828a2e86

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.idat Size: 512B - Virtual size: 104B

.idata Size: 1024B - Virtual size: 708B

.ztest Size: 512B - Virtual size: 192B

.stest Size: 512B - Virtual size: 192B

.init Size: 10KB - Virtual size: 9KB

.srdat Size: 1024B - Virtual size: 693B

.data Size: 2KB - Virtual size: 37KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 14KB - Virtual size: 14KB

.idat
Size: 512B - Virtual size: 104B

.idata
Size: 1024B - Virtual size: 708B

.ztest
Size: 512B - Virtual size: 192B

.stest
Size: 512B - Virtual size: 192B

.init
Size: 10KB - Virtual size: 9KB

.srdat
Size: 1024B - Virtual size: 693B

.data
Size: 2KB - Virtual size: 37KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 676B