d222bdaf1919fad56faab3c65f907f44_JaffaCakes118

General

Target

d222bdaf1919fad56faab3c65f907f44_JaffaCakes118
Size

73KB
MD5

d222bdaf1919fad56faab3c65f907f44
SHA1

e111cfdf265b4710487be776a951af8e10463e3f
SHA256

8727cabf7d0a2b3b8eacfe8c3a9ca8069f43c7c6b45b4f9f340549129fe811df
SHA512

818cddc0cd5a3120f1bb40a9ec66e5d40ab0cbab26eede454f1208dd169d864070865027a6ca0fd1b425b0da254d4cc07a89500cce1765dcf03ca65ace93d9b9
SSDEEP

1536:jt1P/v6S2MUYzI1ky0CIp3Ga7I/AuR9Cxr8o/e4Z8E4yFuv+t1v:zPX6S2wzmftIL7sAu7y8omi8E4yFG+t9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d222bdaf1919fad56faab3c65f907f44_JaffaCakes118

Files

d222bdaf1919fad56faab3c65f907f44_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b7a9d2d7308effe208ec07986a968668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

A:\ILJoz\amcNjjMm\zqhpawR\bJanuKy.pdb

Imports

ntoskrnl.exe

strcpy
ZwClose
RtlCompareString
RtlCreateRegistryKey
IoFreeIrp
RtlIntegerToUnicodeString
KeInitializeTimerEx
MmAllocateContiguousMemory
RtlEqualString
RtlEqualUnicodeString
RtlFindSetBits
IoGetRequestorProcessId
RtlInitUnicodeString
ZwCreateKey
ObReleaseObjectSecurity
RtlInitString
IoInvalidateDeviceRelations
IoUpdateShareAccess
RtlUpperString
RtlRemoveUnicodePrefix
CcFastMdlReadWait
FsRtlNotifyInitializeSync
KeUnstackDetachProcess
KeSetTimer
MmLockPagableSectionByHandle
KeCancelTimer
ExLocalTimeToSystemTime

Exports

Exports

WWCQ_GXgwrT__XQ__HgaL_M_
AZVFXOYD
ol_tDLUUOUldglYUGrlb_i_sjsikUd_lkjP
aip__tvXY_P_MYLOOks__OU__dRTS_QY_R
br__ZUHDFao___TQNBLEXD__W__NGnmLGJKXny_p___h
oypbrj_pMOCETaalilgmv_pyevjcOPUIherHKdflktw_E__ctafy
CUJYv__mtzqsh___CURW_L_Law_iO_fbaw__pMTDOZKSZ_
qzwIAfmst_Z__iow__n__
EVLBtoyQAXM
JA_NIJufZ___WXVqHNtq_bWUTJRWIBRHSICZ_v_d___jjtt__h_
JPVkp_DFFXNLKONAYzVMXGML__DKPFM_RT_Ee_u_pEP_W
jgs__uetrT_GUKXR_tmbwt__fYYSu_c_es_mmaker_MI
g_d_awFwrkDTAOVhzbhtg_b_nGU_Oxf_s_fjH_WQ
bdol_OTQKIE_M_LUCFUSPEU_FKK_A__SK_YVHGf__ie_tb
L_JOA_XCyz_texuIYOSJmp_fgOAS__U_bjURF_W_EB

Sections

.text
Size: 26KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7a9d2d7308effe208ec07986a968668

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 90KB

.rdata Size: 1024B - Virtual size: 892B

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 26KB - Virtual size: 90KB

.rdata
Size: 1024B - Virtual size: 892B

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1024B