14700aabf338781ed4e1b41b7784d8c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14700aabf338781ed4e1b41b7784d8c2_JaffaCakes118
Size

61KB
MD5

14700aabf338781ed4e1b41b7784d8c2
SHA1

143b5885d153f30fb4eb34b59acd90079ddf17b1
SHA256

910a7c3e688bf83c27e3c0b54ef6fd9848efcc968dde298e13ee31cf21942e2e
SHA512

e9012a4d7dbc9be648ec62ec3d004377b563e1936eebe31e6cf3ae6884abb8b8cba1506b923130c764725591a24275aaa0e3a204d94b034cd58e7ff6be4c9f7a
SSDEEP

1536:NHo3et4/QYDVjzok4jHJ7PA94ztcSE58:lo3e2/QYDBUk4to94zt3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14700aabf338781ed4e1b41b7784d8c2_JaffaCakes118

Files

14700aabf338781ed4e1b41b7784d8c2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9f999adb1ef790d28d3ddbed3384a49a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\idxZSyviYKq\DIPzbEI\aEveefXem.pdb

Imports

ntoskrnl.exe

RtlEqualUnicodeString
RtlEqualString
IoAttachDeviceToDeviceStack
RtlUnicodeToMultiByteN
RtlxUnicodeStringToAnsiSize
RtlValidSid
RtlMultiByteToUnicodeN
ExSetResourceOwnerPointer
ExRegisterCallback
RtlSubAuthoritySid
RtlCompareString
RtlxAnsiStringToUnicodeSize
RtlInitializeSid
IoGetRelatedDeviceObject
RtlDeleteNoSplay
SeImpersonateClientEx
SeDeleteObjectAuditAlarm
RtlCompareMemory
KeQueryActiveProcessors
RtlInitString
ZwOpenFile
RtlCopyLuid
RtlInitUnicodeString
RtlInitAnsiString
KeRemoveEntryDeviceQueue

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ztest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stest
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.srdat
Size: 1024B - Virtual size: 733B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f999adb1ef790d28d3ddbed3384a49a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.idat Size: 512B - Virtual size: 104B

.idata Size: 1024B - Virtual size: 730B

.ztest Size: 512B - Virtual size: 192B

.stest Size: 512B - Virtual size: 192B

.init Size: 10KB - Virtual size: 9KB

.srdat Size: 1024B - Virtual size: 733B

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 14KB - Virtual size: 14KB

.idat
Size: 512B - Virtual size: 104B

.idata
Size: 1024B - Virtual size: 730B

.ztest
Size: 512B - Virtual size: 192B

.stest
Size: 512B - Virtual size: 192B

.init
Size: 10KB - Virtual size: 9KB

.srdat
Size: 1024B - Virtual size: 733B

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 536B