bf28c479cfa4ca3231f2c9ac9794d7fb_JaffaCakes118

General

Target

bf28c479cfa4ca3231f2c9ac9794d7fb_JaffaCakes118
Size

39KB
MD5

bf28c479cfa4ca3231f2c9ac9794d7fb
SHA1

a5f240715c587b9a258d1b638445aa121b5be5c0
SHA256

6885caa7f5d271e44d1736a29209daa5a1285e6111490e84d34d837b5772bdad
SHA512

f3779978cb7359ec10beae310f36161d48c78d7762688524fa884fb97ca83d2b62da6951c8c387624227951c5ea15629aa503309c06647a1287f7e1583deddfe
SSDEEP

384:7mBxwZfJGQjtiLp0ScYixXaNs0EfQ0bc35mc7L0APIVZS292NsvgOefbxzcaiSXN:qkZfJGBLDs9o1LfPI792N2sbxzcaVN3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf28c479cfa4ca3231f2c9ac9794d7fb_JaffaCakes118

Files

bf28c479cfa4ca3231f2c9ac9794d7fb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

80e68224ceb9fcc421034d634e8df354

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\ovcmoxms\CwuXl\pdraC.pdb

Imports

ntoskrnl.exe

IoGetStackLimits
CcIsThereDirtyData
KeClearEvent
IoStartPacket
IoIsWdmVersionAvailable
RtlCopyLuid
RtlGUIDFromString
ZwDeleteValueKey
IoGetRequestorProcessId
RtlNtStatusToDosError
ExGetPreviousMode
IoStartTimer
FsRtlCheckLockForReadAccess
RtlFreeAnsiString
IoCheckQuotaBufferValidity
ZwFreeVirtualMemory
RtlUpperChar
IoGetBootDiskInformation
RtlFindClearBitsAndSet
ZwQueryVolumeInformationFile
PsCreateSystemThread

Exports

Exports

?pdfsowxuiZdx@@YGPAJF@Z
?hHLWtqqeWgll@@YGPAJPAH@Z
?zpwnwOruMpJfrtpwffmmk@@YGJD@Z
?xrnqpfVtH@@YGGKH@Z
?EEnkalsq@@YGPAEPAHN@Z
?WdoKomfZppndkubATwxrZ@@YGPADPADPAF@Z
?vktKpvTSth@@YGPAXI@Z

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 311B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80e68224ceb9fcc421034d634e8df354

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.edata Size: 512B - Virtual size: 311B

.data Size: 2KB - Virtual size: 22KB

INIT Size: 8KB - Virtual size: 8KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 311B

.data
Size: 2KB - Virtual size: 22KB

INIT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1KB - Virtual size: 1KB