15490e6313aa151c7e0a90cb8e6c5d22_JaffaCakes118 | Triage

Sharing

General

Target

15490e6313aa151c7e0a90cb8e6c5d22_JaffaCakes118
Size

34KB
MD5

15490e6313aa151c7e0a90cb8e6c5d22
SHA1

e60a3f3e6176944dbe3520280714de033f88e8a7
SHA256

f45bf66960404cafb828eae1ad8575b5005f5822a45eb22e85defcc51d51605b
SHA512

d3ed306cf5a2d48dff18228178b141f6db93c438fc612384a9b4a7d6a47cff5dab16825d40a73c45d5a43ac034bf62e9165273e20fdd12c4680027f01d3e5458
SSDEEP

768:MTNLuiHkdJgT4XREpE0g7t0LT2MWyvjROzqfaBPi:4LuiHkzPKpc9zyFEq+K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15490e6313aa151c7e0a90cb8e6c5d22_JaffaCakes118

Files

15490e6313aa151c7e0a90cb8e6c5d22_JaffaCakes118
.dll windows:5 windows x86 arch:x86

592007b7e01e7d88b78e74ac700ef7a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\fipMqk\Oius\Uuvy\vjgv.pdb

Imports

ntoskrnl.exe

RtlEqualUnicodeString
KeInitializeTimerEx
IoRegisterDeviceInterface
MmGetSystemRoutineAddress
IoCheckQuotaBufferValidity
RtlInitString
MmForceSectionClosed
RtlAreBitsSet
RtlInitUnicodeString
IoStopTimer
strcpy
ExRaiseStatus
MmProbeAndLockPages
RtlClearAllBits
IoStartNextPacket
RtlGetNextRange
CcSetBcbOwnerPointer
MmCanFileBeTruncated
KeCancelTimer
RtlCompareString
KeInitializeDpc
RtlIntegerToUnicodeString
IoMakeAssociatedIrp
RtlEqualString

Exports

Exports

vkHCMNeB_KJH_F_ZKtms_q_hz
AWAM__ZOFUPkwgiwgjzLek_h_f_yA_F
igwppoeeagkthnHG__DNXavzLEir_g_s
LANpaboznb____mb
Q___z_vfnfWR__IjzlrfCMAMjOPLSU__bjrEH_U_D_wsd_ehl
ODFMbhctty__rsDOWH_NFLMZF
RKolwt_ZG__YWLMXHZ_YIR__ZUUCAZ

Sections

.text
Size: 15KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ