d6f45e6bf18a5bac4b2d435fdba95a27_JaffaCakes118

General

Target

d6f45e6bf18a5bac4b2d435fdba95a27_JaffaCakes118
Size

135KB
MD5

d6f45e6bf18a5bac4b2d435fdba95a27
SHA1

cc6685a19c10f905abcadf72795196d2aef2f42d
SHA256

4c06cf1843d8d7400978809304a84cedc5e933e16e10dd60c0ec4de03351c514
SHA512

dcce50f57b30474db5907314b4b73fc4484735d7b0d2a50b88f0409fa157d57cbc7ea3d8b84065553105b3c92a0a78e2365cc3a79548267cfa7b9215495c6305
SSDEEP

3072:/BzsWwLXhaI+RYkbVsPXY6x06v/AHT/T6JciDmtUSsiJI6:lstLXhaIsnb56xRAHzjiDJuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f45e6bf18a5bac4b2d435fdba95a27_JaffaCakes118

Files

d6f45e6bf18a5bac4b2d435fdba95a27_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5363eee23c7fb458b0fa0f0ec3319fde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\lswQajcR\GnURyvo\IrAcyazo\sadgJxehxht\pLTlwFdgPl.pdb

Imports

ntoskrnl.exe

RtlCreateSecurityDescriptor
CcCopyRead
RtlExtendedIntegerMultiply
KeClearEvent
IoDeleteSymbolicLink
IoAllocateAdapterChannel
PsChargeProcessPoolQuota
MmAllocateMappingAddress
PsLookupProcessByProcessId
RtlCreateUnicodeString
IoFreeWorkItem
ExDeleteNPagedLookasideList
MmQuerySystemSize
RtlRandom
RtlInitAnsiString
SeSinglePrivilegeCheck
ObGetObjectSecurity
KeCancelTimer
ExFreePoolWithTag
ExUuidCreate
RtlCopyString
KeReleaseSemaphore
KeInitializeSemaphore
ExReleaseResourceLite
KeGetCurrentThread
SeCaptureSubjectContext
KeTickCount
CcZeroData
KeSetBasePriorityThread
SeQueryAuthenticationIdToken
SeValidSecurityDescriptor
CcPinMappedData
PsReturnPoolQuota
MmLockPagableDataSection
KeAttachProcess
RtlInitializeBitMap
CcPurgeCacheSection
KeRemoveEntryDeviceQueue
MmMapLockedPages
RtlDowncaseUnicodeString
RtlEnumerateGenericTable
IoSetDeviceToVerify
RtlFindClearBitsAndSet
KeRundownQueue
MmIsDriverVerifying
IoCreateFile
CcSetBcbOwnerPointer
KeStackAttachProcess
KeLeaveCriticalRegion
ZwQueryVolumeInformationFile
IoGetInitialStack
IoSetSystemPartition
KeEnterCriticalRegion

Exports

Exports

?GlobalHeaderOriginal@@YGGFPAFIPAJ<V
?FormatHeight@@YGXF<V
?FormatDateOld@@YGGPAJPAK<V
?IsMediaTypeNew@@YGDPAJKPAM<V
?RtlMessageEx@@YG_NPAIE<V
?File-

Sections

.text
Size: 61KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5363eee23c7fb458b0fa0f0ec3319fde

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 79KB

.text
Size: 61KB - Virtual size: 79KB