30d7019cc551329d1747e40bf6e3f317_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30d7019cc551329d1747e40bf6e3f317_JaffaCakes118
Size

134KB
MD5

30d7019cc551329d1747e40bf6e3f317
SHA1

fcd91b6f546ff22d11d0d148656a73c8d153df69
SHA256

99586e4d2af0d35001e4998b2ed3ddd4e2f658bd878a4470d73f7f04a8e4cbc8
SHA512

78fd3c46c0d8b025fb7870c62b6c9184bfc9f9b61e2a1fa79277754d35aa12219626352ab556e221daa10763e8cfe57edac0ab4eeef248696dc20de489345459
SSDEEP

3072:IEBPYgZJL+MPt3tW7Odrg0jvX7H5LIyA40ESxgx:IEdFLj13tW7O5gA7Hh10ETx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30d7019cc551329d1747e40bf6e3f317_JaffaCakes118

Files

30d7019cc551329d1747e40bf6e3f317_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aa1e20155a4b51f9cd4d51d31c366170

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\upttJnaFR\cjjirWT\pvtBdvcOfe\bwnxojsnrlyg\mqbGquhaOgsa.pdb

Imports

ntoskrnl.exe

KeInitializeTimerEx
IoRemoveShareAccess
FsRtlMdlWriteCompleteDev
RtlInitAnsiString
PoRegisterSystemState
ObReferenceObjectByPointer
IoSetDeviceInterfaceState
ExLocalTimeToSystemTime
ExSystemTimeToLocalTime
RtlInt64ToUnicodeString
ExVerifySuite
ZwCreateSection
KeSaveFloatingPointState
RtlFindLeastSignificantBit
ObReleaseObjectSecurity
SeImpersonateClientEx
MmFreeNonCachedMemory
KeRemoveDeviceQueue
ZwQueryObject
RtlEqualSid

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa1e20155a4b51f9cd4d51d31c366170

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 12KB - Virtual size: 11KB

.i_txt Size: 512B - Virtual size: 84B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 550B

.data Size: 17KB - Virtual size: 64KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 596B

.text
Size: 12KB - Virtual size: 11KB

.i_txt
Size: 512B - Virtual size: 84B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 550B

.data
Size: 17KB - Virtual size: 64KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 596B