1334530c2575bf25ab67896965d7c626_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1334530c2575bf25ab67896965d7c626_JaffaCakes118
Size

56KB
MD5

1334530c2575bf25ab67896965d7c626
SHA1

5a3e3ead57ccdcb505f043cd8a29c650c4302a50
SHA256

cdda18feec5edc2e061a7e37a32c4389ff6a70d9eeb84bedf191987e54150e3e
SHA512

8e50d23dc3ff1e1f9654c38ae7d6e6222cfbc83810077989ddf9d1b40c26ac13394b68a80fd2fa466ad7e1b9c993fb48856580f728080357e6cc89f0cd4686d4
SSDEEP

768:OkTOK7sYRj9AYu48sSJoGFmccEaZVIjIP9L5MFVDhKroFEFVaJ+ZMHv7bqMt:O4OiEGmJtmskb96FNYroFEFUJ+uP6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1334530c2575bf25ab67896965d7c626_JaffaCakes118

Files

1334530c2575bf25ab67896965d7c626_JaffaCakes118
.dll windows:5 windows x86 arch:x86

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\RDgxmPscpd\JwNdgujp\xgcbdoctqNBt\XRqmcEXzbmNlof\UlreshniEXv.pdb

Imports

ntoskrnl.exe

ZwAllocateVirtualMemory
PsTerminateSystemThread
RtlEqualUnicodeString
IoReleaseRemoveLockEx
IoSetHardErrorOrVerifyDevice
SeDeleteObjectAuditAlarm
ZwQueryObject
IoUpdateShareAccess
CcPinMappedData
ObReferenceObjectByPointer
RtlCopyUnicodeString
KeInitializeDpc
ExFreePool
MmHighestUserAddress
ProbeForRead
ZwUnloadDriver
ExReinitializeResourceLite
MmFreeContiguousMemory
CcUnpinRepinnedBcb
KeSetBasePriorityThread
MmLockPagableSectionByHandle
CcUninitializeCacheMap
MmAllocateMappingAddress
KeRemoveQueue
IoVolumeDeviceToDosName
RtlSplay
MmFreeMappingAddress
IoSetThreadHardErrorMode
KeSetTimerEx
RtlAreBitsSet
KeQueryActiveProcessors
ZwOpenSection
IoCreateStreamFileObjectLite
RtlFreeOemString
SeAccessCheck
PoRegisterSystemState
IoCancelIrp
MmFlushImageSection
FsRtlIsTotalDeviceFailure
IoGetCurrentProcess
IoCreateDevice
MmProbeAndLockProcessPages
CcUnpinData
SeAppendPrivileges
PoSetSystemState
ExRegisterCallback
KeInitializeTimerEx
KeClearEvent
ObInsertObject
KeInsertDeviceQueue
KeRegisterBugCheckCallback
KeSetKernelStackSwapEnable
RtlCreateSecurityDescriptor
KeGetCurrentThread
KeRemoveQueueDpc
CcPinRead
IoAcquireRemoveLockEx
IoWMIWriteEvent
ExNotifyCallback
ExReleaseFastMutexUnsafe
IoAllocateIrp
RtlPrefixUnicodeString
IoInitializeIrp
RtlAnsiCharToUnicodeChar
RtlLengthRequiredSid
ObCreateObject
RtlSecondsSince1970ToTime
IoGetTopLevelIrp
RtlDeleteElementGenericTable
IoRaiseHardError
RtlCompareMemory
MmAllocateContiguousMemory
RtlInitializeUnicodePrefix
RtlInitializeGenericTable
FsRtlSplitLargeMcb

Exports

Exports

?CrtStringW@@YGPAIPA_NPAJKG<V
?SendCommandLineExW@@YGNPANNPAMI<V
?RtlPathOriginal@@YGPAFPAMMPAE<V
?DecrementCommandLineNew@@YGHE<V
?HideMessageEx@@YGPA_NE<V
?CallProjectNew@@YGIPAMK<V

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f69984d0438a099c571fd670383e82

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 872B