14ffdabd77aa6ec391e1892749298a3b_JaffaCakes118

General

Target

14ffdabd77aa6ec391e1892749298a3b_JaffaCakes118
Size

63KB
MD5

14ffdabd77aa6ec391e1892749298a3b
SHA1

a4c7dc0efa70ef27ce095bea9f124764003a9b02
SHA256

882eb8267cb9609b0d3a18dea054f672901d375824c32c7305a6cc288da0fd59
SHA512

275766a72b096b55da8d1a4913865c3452576c2b371709093205d772b5a45fdfdaf87fd63da1a3c9320225d0716343840506f19d4ee790e99479bd3ef4064e7a
SSDEEP

1536:D9I7OgjnD78wPbC0IDgdbeIFceNi5aozGC:Deagjv8wzpsCDzNXoz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14ffdabd77aa6ec391e1892749298a3b_JaffaCakes118

Files

14ffdabd77aa6ec391e1892749298a3b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

50f3fb53bc0704b15e22edd07a165197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\eehqyjEsrt\iuizMceIjY\Larmaole\losdnksB.pdb

Imports

ntoskrnl.exe

RtlUpcaseUnicodeToOemN
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
RtlEqualUnicodeString
RtlxUnicodeStringToOemSize
MmGetPhysicalAddress
IoGetDeviceToVerify
RtlFindSetBits
ExSystemTimeToLocalTime
IoStartPacket
IoBuildSynchronousFsdRequest
RtlFindLeastSignificantBit
KeSetTimerEx
RtlTimeFieldsToTime
RtlFindNextForwardRunClear
RtlInitUnicodeString
PsGetCurrentProcess
ObGetObjectSecurity
RtlInt64ToUnicodeString
ExLocalTimeToSystemTime

Exports

Exports

?SetHeaderEx@@IJMNI@X
?ShowText@@IJXDDGPAJ@X

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.string
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50f3fb53bc0704b15e22edd07a165197

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.itext Size: 512B - Virtual size: 84B

.idata Size: 1024B - Virtual size: 632B

.init Size: 512B - Virtual size: 140B

.string Size: 512B - Virtual size: 264B

.data Size: 11KB - Virtual size: 51KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 556B

.text
Size: 10KB - Virtual size: 10KB

.itext
Size: 512B - Virtual size: 84B

.idata
Size: 1024B - Virtual size: 632B

.init
Size: 512B - Virtual size: 140B

.string
Size: 512B - Virtual size: 264B

.data
Size: 11KB - Virtual size: 51KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 556B