baa9f22af9fd688a78f11025d2ce0ad9_JaffaCakes118

General

Target

baa9f22af9fd688a78f11025d2ce0ad9_JaffaCakes118
Size

40KB
MD5

baa9f22af9fd688a78f11025d2ce0ad9
SHA1

62ac448bf65e0f6fea0aa16a6cf8a5af1a16bbd7
SHA256

31a57c1e0caaa036fd4f152296e09a0315c229c1bef0525a1ae369c36f92acd8
SHA512

4a2145063dfb38d6ba43eac5812c5bcece79d8308b94b8268ac1d4241d2e430dda065c5ca26b1697077fb96391248970bba0338915adfb117534fa8fe128bf44
SSDEEP

768:BuAtRcYz5m7oQQ1LB8tByp94VIKO5wcltMYuWAl:PRjxt8tByp94Ed2VWA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baa9f22af9fd688a78f11025d2ce0ad9_JaffaCakes118

Files

baa9f22af9fd688a78f11025d2ce0ad9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

93dd338209fb473a33d3755090c9afdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\kbcTrosI\frvT\vCFysz.pdb

Imports

ntoskrnl.exe

IoCreateNotificationEvent
MmIsAddressValid
SeTokenIsAdmin
MmBuildMdlForNonPagedPool
IoDeviceObjectType
KeRegisterBugCheckCallback
FsRtlSplitLargeMcb
MmFreeContiguousMemory
SeAccessCheck
ZwOpenFile
IoDisconnectInterrupt
ExGetSharedWaiterCount
ZwAllocateVirtualMemory
MmUnsecureVirtualMemory
RtlInitString
PsLookupThreadByThreadId
ExFreePoolWithTag
RtlSetDaclSecurityDescriptor
IoAllocateIrp
KeSetBasePriorityThread
IoFreeIrp
IoGetCurrentProcess
IoGetDmaAdapter

Exports

Exports

?kbuztfkuRzb@@YGMI@Z
?lzacwrdjwVDtC@@YGXG@Z
?peCpAIucwkOsaijIkp@@YGPADPAK@Z
?czxvinltrBhvFpoGqi@@YGNPAK@Z
?ojbtopkvYMlxjSpoZb@@YGPAKPAIN@Z
?ZtSTqUhhse@@YGMNN@Z

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93dd338209fb473a33d3755090c9afdd

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 277B

.data Size: 2KB - Virtual size: 22KB

INIT Size: 8KB - Virtual size: 8KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 277B

.data
Size: 2KB - Virtual size: 22KB

INIT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB