f970095a40ead4e5b265e694ce0d5306_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f970095a40ead4e5b265e694ce0d5306_JaffaCakes118
Size

31KB
MD5

f970095a40ead4e5b265e694ce0d5306
SHA1

c9dc22f22ad51329b06daabea88a23082d10f8d5
SHA256

0829e3a98fd9a71208aa34d5759bf9d077025ab8b76e9d8a5065966647612a03
SHA512

d9468fe902a8ac245ea992c5905ac04fa300a5c09e6910a499fd9357307b56f62081aaa0f788df412601b6f875b8f00ef8b7fdd81a37053e3f8f4cd0626f80cb
SSDEEP

768:zPL2OVSyLtxVpuX1X/13VeE6tFIn3NL8G2JXkcmXS:zPPYyBxe1X/FVw7+9+1aS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f970095a40ead4e5b265e694ce0d5306_JaffaCakes118

Files

f970095a40ead4e5b265e694ce0d5306_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9992f6f458012837569a2ed28712c91c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\evacRsf\ksXxzcsx\rycwuO.pdb

Imports

ntoskrnl.exe

RtlEqualUnicodeString
RtlInitString
KeReleaseMutex
IoCreateSymbolicLink
strcpy
KeCancelTimer
RtlCompareString
MmSecureVirtualMemory
IoQueueWorkItem
KeInitializeTimerEx
RtlCopySid
RtlInitUnicodeString
IoSetSystemPartition
RtlIntegerToUnicodeString
RtlOemStringToUnicodeString
RtlAreBitsClear
RtlEqualString
ExInitializeResourceLite
PoCallDriver
CcIsThereDirtyData
KdEnableDebugger

Exports

Exports

lbK__LGMn_s_ICJCP_WuKBX_CGBnopGS_DFAyyhuRGXBHqd_ZS_u_ta
Zmiqvx_w__ftepxiOB_ORS_IBHIAVV_MPG
PK__ZDbdk_ADTEN__OX_ECCKjfUUYHCKizy_FYIDARMRP_Osy_v_zlSA
nhtmvxnro_rgVQTMDujv_lmimKPQM
W_CPNX_etqqi_ptlh_z_XU_M
lp__k_wWX_L_T_S__s_tbuOZGZoqa

Sections

.text
Size: 13KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ