1954861a01b6800973995ded6e2f2c9b_JaffaCakes118 | Triage

Sharing

General

Target

1954861a01b6800973995ded6e2f2c9b_JaffaCakes118
Size

73KB
MD5

1954861a01b6800973995ded6e2f2c9b
SHA1

f45d1e2f5d565966552d0f8d05e726cb5ae04101
SHA256

6c37f5f631a99614009aa52b4052d94879886694db765b63ce6ce5c41dd9e5b6
SHA512

0e24845a70ddfb1bd4b5b1fcf4d77d6718b8ed13e42e3fb3efefd37c37b0eb9ee99ae594443f7a37104feb06236f00b5dd80038f5fcb87b5aa357918ff30fce0
SSDEEP

1536:y9wmt8X/dRbUAfV5UBKljyT55OzddBUEe4Z8E4yFuv+t1v:y9wmt8Prbf9NlWT50d7UDi8E4yFG+t1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1954861a01b6800973995ded6e2f2c9b_JaffaCakes118

Files

1954861a01b6800973995ded6e2f2c9b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

09434ce8ab98afe9ca467fae1551a0d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\uovldrvlvvkzebieagVLSj\eGwjMbJhsNIuxqBfSpT\jfbzQUloBrDmiohbuiqlW\imrPlCppwkIP\aiebOlzKqMonCx\zHVylroAtLj\VupQTetxgxVdctS\DgGDparCwxyynlbNGga.pdb

Imports

ntoskrnl.exe

SeValidSecurityDescriptor
PsGetCurrentProcess
ZwQueryValueKey
RtlCompareString
KdEnableDebugger
KeCancelTimer
KeInitializeTimer
ExIsProcessorFeaturePresent
RtlInitUnicodeString
RtlCharToInteger
RtlIntegerToUnicodeString
RtlEqualUnicodeString
SeQueryInformationToken
FsRtlFastUnlockSingle
ExReleaseFastMutexUnsafe
MmFreePagesFromMdl
RtlEqualString
RtlRandom
MmBuildMdlForNonPagedPool
KeInitializeTimerEx
RtlUnicodeToOemN
MmAllocateContiguousMemory
FsRtlGetNextFileLock
RtlInitString
IoDeleteSymbolicLink
strncpy

Sections

.text
Size: 24KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ