1480effc1f97de078fdef995e50decff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1480effc1f97de078fdef995e50decff_JaffaCakes118
Size

289KB
MD5

1480effc1f97de078fdef995e50decff
SHA1

ad61e600d4e4289c5b27749d0a16279d05b194b2
SHA256

aea54ab6419a1ea56ff9be7ddcaee33d8db4378758570eea18ed020e49791530
SHA512

3a6189cd83a64a727e707f775d0ce93c0531bfd851dc96e335fdcbf1320aa77b01f80ec62c207c2e3ee181372e6952aa2b4fd891a602585de803b5962ec08d75
SSDEEP

6144:N72vfLBmPl2DmBbgE43vhowBGeyYU+jx1WcdVUp7GV31Gzrr/g0hJvC4Ms6qF79:5OfLOl2yoTrWcjUprjT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1480effc1f97de078fdef995e50decff_JaffaCakes118

Files

1480effc1f97de078fdef995e50decff_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8525d4733e93ad25bbf0ea03dcae4db7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\riAnS\cOwzcjNq\mniwU\QJovsc.pdb

Imports

ntoskrnl.exe

IoBuildPartialMdl
RtlIntegerToUnicodeString
ZwDeleteKey
PsIsThreadTerminating
ExDeleteNPagedLookasideList
RtlCompareString
KeFlushQueuedDpcs
RtlInitString
ObReferenceObjectByPointer
RtlVerifyVersionInfo
ObGetObjectSecurity
MmFreePagesFromMdl
RtlInsertUnicodePrefix
RtlEqualString
wcschr
RtlInitUnicodeString
RtlNumberOfClearBits
RtlGetVersion
IoRegisterDeviceInterface
RtlEqualUnicodeString
ZwQueryVolumeInformationFile
IoGetAttachedDeviceReference
SeQueryInformationToken
RtlCopySid

Exports

Exports

Uv__v__aigZHSWVVIV_Z___
f__dgEqzm_jj_
xBwJTNY_A_SQNZL_nfna_r_jmiFE
G_T_dvY_GUudyswcsdmrwtdtte_o_z_wfnvcrw_CD_V_X_
f__e_nu_aWOUuoayNMD_Noqezn_ytwFGJ_S
dfFMBQHX_ByipUGTvoxesGAS__Gv
tmJKP_QGRgQZYN_NOUcbka_x__KMT_GsvSX_JwebkEbpm_iymqtaj_
b_jtucXHRaxk_YAJ_V___YJFVA_CWn_THVFVEQTY
XRSVi_wdl__iGHJU__QcvvpPss
WMAspf_f_wCTQTRFR_Q
gwrNYUG_X_fHN__HQemvdKSMT_WL_AUrpbhbxt_ygh
vtjbk_um_
qz_h_____jrN
XEKxh__lpdSY_XOubqgS_F_c_YFYUSC
vtuyyZ_DM_f_vxcTLQXCtv___k_ziRFH_Xed_wxibh___wqp_u___b
G_ATiw_nxc__qoV_V_AOLS_uDW_MIVMSVL_XQEP

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8525d4733e93ad25bbf0ea03dcae4db7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.INIT Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 828B

.data Size: 2KB - Virtual size: 65KB

DATA Size: 19KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 15KB - Virtual size: 14KB

.INIT
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 828B

.data
Size: 2KB - Virtual size: 65KB

DATA
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 932B