10325d3b07d84fba8adb13ac78c39c80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10325d3b07d84fba8adb13ac78c39c80_JaffaCakes118
Size

378KB
MD5

10325d3b07d84fba8adb13ac78c39c80
SHA1

4ece90e2c955bfc707e821ec597111e01bb71096
SHA256

4a9b368596221fdebe88fb6494dc1fec11fc965c2a883c86b8d05e40ec2b82a7
SHA512

c589c4de1cc47c09b88483003766fb1d21ac150f220b6ce20050783069366a772cbaea8bc809237cc1a7239853703169029524e3aa50bce18a1bd51e393f82d0
SSDEEP

6144:jKO2bnQms++k9kNIzk16ffkurOpbDIgFhXYWXMHJyUooBMpacpVnYrZVxWn60u3V:jKOKkFQ2KJPcniWgdQsyDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10325d3b07d84fba8adb13ac78c39c80_JaffaCakes118

Files

10325d3b07d84fba8adb13ac78c39c80_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8b44c92f52453b881e9f47da173ab922

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jysLpkqbwcm\earCtuaygxn\zzgjaqgfqnc\zJufuxIYsneP\smtxqqAxqe.pdb

Imports

ntoskrnl.exe

IoRegisterDeviceInterface
RtlUpperChar
RtlClearAllBits
IoRemoveShareAccess
RtlEqualUnicodeString
RtlCopyString
RtlIntegerToUnicodeString
ZwQueryInformationFile
SeTokenIsRestricted
IoRequestDeviceEject
RtlTimeFieldsToTime
IoInvalidateDeviceState
IoDisconnectInterrupt
KeRemoveQueue
ZwReadFile
RtlPrefixUnicodeString
RtlInitUnicodeString
KeInsertQueueDpc
CcFastCopyRead
RtlEqualString
IoStartNextPacket
RtlInitString
IoGetStackLimits
RtlCompareString
KeQueryInterruptTime
RtlAreBitsSet

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ