0d25dd48db08cdf75a9c6db2a5b5a3d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d25dd48db08cdf75a9c6db2a5b5a3d9_JaffaCakes118
Size

76KB
MD5

0d25dd48db08cdf75a9c6db2a5b5a3d9
SHA1

dd9ed1e73def19b670f22c4b0b87d232902bbc4b
SHA256

504d480dc7dc1737b22227cc51986c611c287d86a61b98e48278ede88a6057ee
SHA512

9032cadb39ce4da308514cf241d1fc33448b39b7367b23dd869dc3f0373802f3f474862adba9711e0dd84a5ffa04d776b7977f9f90f391374d7d75a26f0d2aba
SSDEEP

1536:uVTa7AoNlF6RogMCf6edqivGjEXEHsHcRf+6Hnvalt1R:GTkD8RPzSfivGWEM8Nxilt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d25dd48db08cdf75a9c6db2a5b5a3d9_JaffaCakes118

Files

0d25dd48db08cdf75a9c6db2a5b5a3d9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6c2ce488226362eefc359c8db614eac7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\UeuozxdtHKeEzjmhnbhtYM\eVbDibkEhAjuK\djPhikqekejknoeDryufH\xrpGudgstrsjyfHz\BunrlzALwbwgugeCr\NimjbfFzbumzBWEjph\boPqSrgaRkfEQr.pdb

Imports

ntoskrnl.exe

RtlCopyString
ExRaiseAccessViolation
RtlInitUnicodeString
RtlMapGenericMask
RtlInsertUnicodePrefix
RtlCompareUnicodeString
RtlInitString
RtlEqualString
MmAllocateContiguousMemory
ExFreePool
RtlEqualUnicodeString
RtlIntegerToUnicodeString
IoFreeController
RtlCompareString
IoCheckEaBufferValidity
KeBugCheckEx
KeInitializeTimerEx
SeCreateClientSecurity
MmSecureVirtualMemory
RtlCharToInteger

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ