37b3463e497fe674db8e7e597c535e67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37b3463e497fe674db8e7e597c535e67_JaffaCakes118
Size

42KB
MD5

37b3463e497fe674db8e7e597c535e67
SHA1

c3948071558f4108a7ffe8d2ed57d92e7e33ce56
SHA256

44e0a82ddb77fbeb6383db41926141669e9f13bbdcd97b95fb929f6411741839
SHA512

0fcba627ebb655a7ca34de096077e93ce8fec9e5aad2c5bf7e6531f3f065a16df39432eeb10d0e6753a088d7b2cdf440feed3abc3e7869bf85757a01593d0aad
SSDEEP

768:cMmI5Uuop107fh6jDJovfoRHcll2FkJCgVw+Nrr:Kxf07fADJ4f2HcGqJCq5Nrr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b3463e497fe674db8e7e597c535e67_JaffaCakes118

Files

37b3463e497fe674db8e7e597c535e67_JaffaCakes118
.dll windows:5 windows x86 arch:x86

71d69cb0e4bef4a2cfc31e4125dbbbbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\waycA\QSyhci\whqekHh.pdb

Imports

ntoskrnl.exe

FsRtlIsFatDbcsLegal
RtlInitializeUnicodePrefix
IoDeviceObjectType
SeTokenIsRestricted
IoReportDetectedDevice
MmSizeOfMdl
ObReferenceObjectByHandle
ExReleaseFastMutexUnsafe
KeSetEvent
IoFreeMdl
RtlNtStatusToDosError
ExUuidCreate
KeInitializeMutex
PsGetCurrentProcessId
RtlFindLeastSignificantBit
IoDeleteDevice
SeQueryAuthenticationIdToken
RtlLengthRequiredSid
ExGetPreviousMode
ZwReadFile
DbgBreakPointWithStatus
KeInsertQueueDpc
MmProbeAndLockPages
ZwQueryValueKey
SeTokenIsAdmin
ExGetSharedWaiterCount

Exports

Exports

?JTkkfiqtcLx@@YGKPADG@Z
?tkaflmlpwfh@@YGJPANPAF@Z
?HODXeUCYurZgUmHg@@YGHN@Z
?wzchqSBbLpu@@YGPAXPAE@Z
?zuBwehenseabJuPilRaE@@YGNI@Z

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbgdir
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 461B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71d69cb0e4bef4a2cfc31e4125dbbbbe

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 756B

.edata Size: 512B - Virtual size: 238B

.dbgdir Size: 512B - Virtual size: 512B

.dbg Size: 512B - Virtual size: 512B

INIT Size: 9KB - Virtual size: 9KB

INIT Size: 512B - Virtual size: 461B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 756B

.edata
Size: 512B - Virtual size: 238B

.dbgdir
Size: 512B - Virtual size: 512B

.dbg
Size: 512B - Virtual size: 512B

INIT
Size: 9KB - Virtual size: 9KB

INIT
Size: 512B - Virtual size: 461B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 1KB