0d7ec9378f606a0b8c652ff03d429dfa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d7ec9378f606a0b8c652ff03d429dfa_JaffaCakes118
Size

331KB
MD5

0d7ec9378f606a0b8c652ff03d429dfa
SHA1

a927b5778b81a7daa0d277f2bbc2c8fa7bab8fde
SHA256

d86d94a249ef52894b4ed6a9cc4aca9979bcd0c5dca2823430f3f60a12c76cfb
SHA512

72aa7d78c492735bc46584ed24e640d363fcffbb4cdeffd2f2449ae87a70c1812204f0050ab1d891e95e76fed1db104d0cf6af7bc7f2003c5300396b7a05c5f6
SSDEEP

6144:jaCspu3nIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQ0dWihh1Bm:eBOIEXpYrVpmt9jy1l+7xWsH/jzI2QQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d7ec9378f606a0b8c652ff03d429dfa_JaffaCakes118

Files

0d7ec9378f606a0b8c652ff03d429dfa_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5fc928475f9ea3ce5682dca8661addda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\jxmyovenl\rfrnjfbjrNkojm\xlHcxtdqzev.pdb

Imports

ntoskrnl.exe

KeInitializeDeviceQueue
RtlHashUnicodeString
RtlDeleteNoSplay
KeReadStateEvent
ZwMapViewOfSection
ExAcquireFastMutexUnsafe
RtlCompareString
_wcsupr
RtlEqualSid
IoFreeWorkItem
RtlEqualUnicodeString
RtlOemStringToUnicodeString
RtlSubAuthoritySid
IoFreeMdl
IoCreateNotificationEvent
RtlInitString
KeWaitForSingleObject
RtlInitUnicodeString
IoGetAttachedDevice
RtlEqualString

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.type
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ