2fa475d50f45f9a41ea564793be5f24a_JaffaCakes118

General

Target

2fa475d50f45f9a41ea564793be5f24a_JaffaCakes118
Size

81KB
MD5

2fa475d50f45f9a41ea564793be5f24a
SHA1

9622995beeca000c28ab0751ef5c18c423f8ffa2
SHA256

54783632be51ef26fa73fafc39ff4b99f3481387d5648acb3997f34d7a67f305
SHA512

4607a0832e002be832defbdf85be83bcb37aadbdddc3d43fefc2dc80f27494bf019511c4a74289159d2964231d36e78ee387afff21c4397721ea846b46d72aa6
SSDEEP

768:M6UvKLSnQT/iIPSwMd5a80AitYAq/5x47Otkn4CCP2Fzl5IUSiohHOXj9FXsRGQ7:tQnlIPFMW86YAe4KtS4jP26USinXjt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa475d50f45f9a41ea564793be5f24a_JaffaCakes118

Files

2fa475d50f45f9a41ea564793be5f24a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c0155ada33812e54774ac92faf41c165

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\mufgjLimoibXbu\fUlPibEUowO\lIfwcxwPzaviwP.pdb

Imports

ntoskrnl.exe

ExGetPreviousMode
RtlCreateSecurityDescriptor
IoAcquireCancelSpinLock
CcUninitializeCacheMap
RtlWriteRegistryValue
ZwAllocateVirtualMemory
KeInitializeTimer
IoVerifyVolume
RtlFindClearRuns
MmMapLockedPagesSpecifyCache
CcFastMdlReadWait
IoGetDeviceProperty
CcCopyRead
KeInitializeEvent
ExAllocatePoolWithTag
IoCreateStreamFileObject
ObReferenceObjectByHandle
KeSetTimer
IoRemoveShareAccess
ExAcquireResourceSharedLite
KeBugCheckEx
FsRtlIsDbcsInExpression
RtlRandom
WmiQueryTraceInformation
IoQueryFileDosDeviceName
RtlUpcaseUnicodeString
RtlTimeToSecondsSince1970
KeReadStateTimer
FsRtlNotifyUninitializeSync
SeSinglePrivilegeCheck
SeTokenIsAdmin
RtlGetNextRange
MmSecureVirtualMemory
KeReleaseMutex
IoReleaseVpbSpinLock
IoStartPacket
RtlTimeToTimeFields
CcMdlReadComplete
IoInitializeTimer
IoGetRequestorProcess
RtlEqualSid
ProbeForWrite
IoRequestDeviceEject
CcInitializeCacheMap
PsGetThreadProcessId
PoRegisterSystemState
CcMdlWriteAbort
KeRemoveDeviceQueue
SeAccessCheck
IoInitializeRemoveLockEx
FsRtlNotifyInitializeSync
IoWMIRegistrationControl
ObMakeTemporaryObject

Exports

Exports

?FindScreenExW@@ADIGPAF<V
?CopyScreenExA@@ADKD<V
?AddDialogNew@@ADIPAHPAF<V
?IsHeightNew@@ADKKH<V
?IsNotAnchorEx@@ADPAIMPAK<V
?OnTimeNew@@AD_NDM<V

Sections

.text
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0155ada33812e54774ac92faf41c165

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 45KB

.edata Size: 512B - Virtual size: 247B

.data Size: 33KB - Virtual size: 33KB

.text
Size: 28KB - Virtual size: 45KB

.edata
Size: 512B - Virtual size: 247B

.data
Size: 33KB - Virtual size: 33KB