fc505a51be6e79d8e3c3988d02fb4e56_JaffaCakes118

General

Target

fc505a51be6e79d8e3c3988d02fb4e56_JaffaCakes118
Size

135KB
MD5

fc505a51be6e79d8e3c3988d02fb4e56
SHA1

885fb7ad38803bd4aecf9898c2692b663b6b2174
SHA256

62afcbb4746d40244d83ef1614f1bd1be412babde5d2e803159f838573dc0c36
SHA512

707908f9660662d6b902ae4f17ca9b1fafde262bea45e1c73a28ee4c0508e7f65497886c08d407fa96e9917e479744655a5d4be578cb45f9d5218d5ff9aec517
SSDEEP

3072:78DMfZjwjMipnBi9Ai0Gv7YHZE76VCLFUSbSES:QDMhjIMOfi5YHaVLan

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc505a51be6e79d8e3c3988d02fb4e56_JaffaCakes118

Files

fc505a51be6e79d8e3c3988d02fb4e56_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\zBtNHvkyha\xnGtwlu\vEwIlUrfj.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
MmForceSectionClosed
RtlFreeUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
ZwSetSecurityObject
KdDisableDebugger
IoGetDeviceToVerify
IoCheckEaBufferValidity
CcFastCopyRead
HalExamineMBR
RtlFindClearBitsAndSet
ProbeForRead
IoDeviceObjectType
KeGetCurrentThread
ObInsertObject
IoSetShareAccess
RtlCreateSecurityDescriptor
MmIsThisAnNtAsSystem
RtlFindClearBits
KeInitializeTimer
IoQueueWorkItem
ZwDeleteKey
RtlQueryRegistryValues
IoGetTopLevelIrp
IoInvalidateDeviceRelations
FsRtlCheckLockForReadAccess
ExUnregisterCallback
IoReleaseCancelSpinLock
IoGetBootDiskInformation
KeRestoreFloatingPointState
SeTokenIsRestricted
IoSetTopLevelIrp
ObGetObjectSecurity
PoUnregisterSystemState
IoGetDeviceAttachmentBaseRef
KeQueryInterruptTime
KeTickCount
PsDereferencePrimaryToken
IoGetDiskDeviceObject
MmFreeNonCachedMemory
IoCheckShareAccess
MmFreeMappingAddress
MmHighestUserAddress
IoVerifyVolume
ZwQuerySymbolicLinkObject
RtlAnsiStringToUnicodeString
CcPinMappedData
ExSystemTimeToLocalTime
DbgBreakPointWithStatus
KeReadStateMutex
KeInitializeEvent
ExGetExclusiveWaiterCount

Exports

Exports

?RtlDirectoryExW@@YGPADHPAG<V
?DeleteVersionExW@@YGGD<V
?FindSectionA@@YGFFPA_NGM<V
?ModifyPathExW@@YGKK<V
?SetFilePathW@@YGIPAJJIPAJ<V
?IsNotFileEx@@YGMPAMDF<V

Sections

.text
Size: 65KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d019df3efa33cb45be53236588e9094

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 83KB

.text
Size: 65KB - Virtual size: 83KB