d0ce16387d0a97e7c5f2f7c7e1ed2546_JaffaCakes118

General

Target

d0ce16387d0a97e7c5f2f7c7e1ed2546_JaffaCakes118
Size

34KB
MD5

d0ce16387d0a97e7c5f2f7c7e1ed2546
SHA1

92652e93e2ed67655eb104e99386d01f8a6f6f8b
SHA256

74b177d2ea717e8ef9798b20764d8fdc72cff9290ed0e6ac06c7be88b6f07292
SHA512

aaf55dd26201ce31bbe251402b3492fc47a65389942bdb31ad68235e85292788b8a9810bb5bbf323f165c4e9d1dd85e6b176cab1e0da3af4650863e5ce43ef83
SSDEEP

768:Ps9l5whZmuBLKEifYv3+E1C+GK7sHeTk8OdDm:oyhYP4nE/vp8y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ce16387d0a97e7c5f2f7c7e1ed2546_JaffaCakes118

Files

d0ce16387d0a97e7c5f2f7c7e1ed2546_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0767aadd422a7f418641f9231aecfcc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\eBitgiki\dhwAviIq\exanGe\HVIiFmpz.pdb

Imports

ntoskrnl.exe

CcDeferWrite
RtlDeleteNoSplay
KeRemoveQueueDpc
IoReleaseCancelSpinLock
KeCancelTimer
RtlCompareString
RtlEqualString
KeInitializeTimer
strcpy
RtlInitUnicodeString
RtlEqualUnicodeString
KeDeregisterBugCheckCallback
IoQueueWorkItem
RtlInitString
KeStackAttachProcess
SeOpenObjectAuditAlarm
ExGetExclusiveWaiterCount
RtlCompareMemory
RtlInsertUnicodePrefix
RtlWriteRegistryValue
RtlIntegerToUnicodeString
IoDeleteDevice
ZwQueryKey

Exports

Exports

DXqri_q_mmaw_CQPKPg_xx_zH_BUsfogOVP_IXDwimtyw_stn_
W_XH__DTocfyd__KeliiLtwzt
NRJSG_ZHIA_HWOUGO
E___BL_A
YKLCXP_DYTMWJSBebxtn_pEP_JA
krbuogwvdccOQTKSHf_CRXGVIE_W
rviaY_aeqmqwJYJWjfn_ou_k__dcFORFcv_nxxM_GQ_EADDSTXUqy_j
lt_oraum_p_z_bn
ICX_Lipg__ouocPHV_RPAHpbF_S

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0767aadd422a7f418641f9231aecfcc1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.INIT Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 764B

.data Size: 1KB - Virtual size: 65KB

DATA Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 10KB - Virtual size: 10KB

.INIT
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 764B

.data
Size: 1KB - Virtual size: 65KB

DATA
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 924B