1795d3e61755bd2ddfc286f8426ec96c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1795d3e61755bd2ddfc286f8426ec96c_JaffaCakes118
Size

61KB
MD5

1795d3e61755bd2ddfc286f8426ec96c
SHA1

52d71727ac0b1ffc0499011f4913d0666cf5fddd
SHA256

d2b5cab4223b80053d2e4df9fcdd452f216f0bc5fe3c2922327e147e92255dde
SHA512

ec3f31f3f5e4cae0308ccd6ccb7c60c31aeacb1e47b4182f0f70b2235e0a7413546d345f56912760559d91576831cc8e723d296a35844bec8c676d5621ca7bac
SSDEEP

1536:u4aR+jYOo74oN4/bZMuSS6+DMGMwzYVmcsdR:u4aLcoinSD+DbMYYVmcsdR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1795d3e61755bd2ddfc286f8426ec96c_JaffaCakes118

Files

1795d3e61755bd2ddfc286f8426ec96c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5e0c7a03c3a8411b96b60b8f0147bd46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\jCecrtNMajktel\aNvnMaJRyoJ\eGzmRyVgMpmw.pdb

Imports

ntoskrnl.exe

IoAcquireCancelSpinLock
RtlIntegerToUnicodeString
RtlEqualUnicodeString
RtlEqualString
ExUuidCreate
IoGetBootDiskInformation
RtlInitString
CcUnpinDataForThread
RtlFindNextForwardRunClear
RtlVerifyVersionInfo
RtlRandom
IoCreateSynchronizationEvent
RtlCompareString
PoSetPowerState
RtlInitUnicodeString
KeSetKernelStackSwapEnable
ExFreePoolWithTag
RtlUnicodeStringToAnsiString
KeInitializeSemaphore
RtlCompareMemory
KeBugCheckEx
IoAllocateIrp
ZwQuerySymbolicLinkObject
ExGetExclusiveWaiterCount
KeSetBasePriorityThread
RtlUpperChar

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ