c11da4cb92ab405cdf4e0fcf9a3e9a0a_JaffaCakes118

General

Target

c11da4cb92ab405cdf4e0fcf9a3e9a0a_JaffaCakes118
Size

134KB
MD5

c11da4cb92ab405cdf4e0fcf9a3e9a0a
SHA1

d13837fb5e8aa11784bf1da20c8146416b45de70
SHA256

cb7d6e93a0040b80ed9f48cfdd245650114540e1e04c563f22b1e9aefc62e383
SHA512

42d9cf27144263e25059d3ba2cbbebbb582158d29dea7d96b441c0ff5e42d142c9f295c1c029d5fe751257ae18579ec664d2bbc8440b3283420eac8e34f37222
SSDEEP

3072:15o+ME+AKeyfLzRWrrg0jvX7H5LIyA40ESxgx:1yJ8Keyf3EgA7Hh10ETx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c11da4cb92ab405cdf4e0fcf9a3e9a0a_JaffaCakes118

Files

c11da4cb92ab405cdf4e0fcf9a3e9a0a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3a212da63814f22839143a31c4123b12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\fvCvijPc\SGFTOev\drpbwidjAvTj.pdb

Imports

ntoskrnl.exe

FsRtlMdlWriteCompleteDev
KeTickCount
IoGetStackLimits
KeLeaveCriticalRegion
PoStartNextPowerIrp
RtlVolumeDeviceToDosName
KeReleaseMutex
RtlInitializeSid
ExReinitializeResourceLite
RtlFillMemoryUlong
MmQuerySystemSize
ZwEnumerateKey
KeRemoveDeviceQueue
KeGetCurrentThread
CcPinMappedData
SeValidSecurityDescriptor
ExInitializeResourceLite
ZwReadFile
RtlDowncaseUnicodeString
ExUnregisterCallback
IoReuseIrp
IoRemoveShareAccess
MmIsVerifierEnabled
IoGetInitialStack
FsRtlCheckLockForReadAccess
IoInitializeTimer
CcMdlWriteComplete
MmGetSystemRoutineAddress
IoGetDmaAdapter
MmUnsecureVirtualMemory
RtlCreateSecurityDescriptor
IoGetRequestorProcessId
IoCsqRemoveIrp
RtlInt64ToUnicodeString
ZwWriteFile
SeCreateClientSecurity
PsGetThreadProcessId
IoInvalidateDeviceRelations
CcPinRead
KeEnterCriticalRegion
PsGetCurrentThread
SeCaptureSubjectContext
MmSetAddressRangeModified
IoCreateStreamFileObjectLite
IoDisconnectInterrupt
ExGetExclusiveWaiterCount
RtlClearAllBits
SeSetSecurityDescriptorInfo
KeCancelTimer

Exports

Exports

?DecrementKeyboardW@@YGIJHF<V
?IsPointerExW@@YGXJDD<V
?FormatSizeEx@@YGDPAMPAFKH<V
?InstallMediaTypeNew@@YGPAMPAIH<V
?EnumDialogNew@@YGPAHMMPAFN<V
?HideNameA�

Sections

.text
Size: 60KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a212da63814f22839143a31c4123b12

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 83KB

.text
Size: 60KB - Virtual size: 83KB