dc8024e9af091eca0c4e4ae6f9abea0b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc8024e9af091eca0c4e4ae6f9abea0b_JaffaCakes118
Size

379KB
MD5

dc8024e9af091eca0c4e4ae6f9abea0b
SHA1

483593969ef46fc3ce90b856ceccac03d5f7b8cf
SHA256

5d4ca1f7909225d7ff0c2616f6e3f43150ad242ad16ca876d1c3dad8e879ce3f
SHA512

0db51a9b61980b8776ad8fc0f6b49b0cec317ba47a5b45c076e95947fb60b2d0e66e370097a82abccf36cd5d10d3d0f56cfab36f33916e00b71b3e433f75e92a
SSDEEP

6144:4HV7Vt7sBGnXjxAXmxCx2LYW2Tz0tfT+zSyrBwsQXF4MbshSylNcyPuBRMfKMk9r:4HVRQTzXA1KlwD3MjfP/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc8024e9af091eca0c4e4ae6f9abea0b_JaffaCakes118

Files

dc8024e9af091eca0c4e4ae6f9abea0b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b51000ae42c8e478c0a7891ee3abf81b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\VuqiqlRz\kVPjkrhgia\woeaSvzXja\mglLgHywf\owJqgQj.pdb

Imports

ntoskrnl.exe

ExVerifySuite
ExNotifyCallback
ZwQuerySymbolicLinkObject
RtlInitAnsiString
RtlAddAccessAllowedAceEx
MmBuildMdlForNonPagedPool
RtlFindLeastSignificantBit
PsGetVersion
RtlHashUnicodeString
ExSystemTimeToLocalTime
ExLocalTimeToSystemTime
CcZeroData
ProbeForWrite
RtlFindNextForwardRunClear
RtlInitString

Sections

.text
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 512B - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b51000ae42c8e478c0a7891ee3abf81b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 31KB

.i_txt Size: 512B - Virtual size: 64B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 512B - Virtual size: 381B

.data Size: 17KB - Virtual size: 64KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 616B

.text
Size: 28KB - Virtual size: 31KB

.i_txt
Size: 512B - Virtual size: 64B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 512B - Virtual size: 381B

.data
Size: 17KB - Virtual size: 64KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 616B