19cecc68ee15f7d6c116860279279fad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19cecc68ee15f7d6c116860279279fad_JaffaCakes118
Size

106KB
MD5

19cecc68ee15f7d6c116860279279fad
SHA1

a2089daad4dd8fa48f880db8181659cb2357f17a
SHA256

18dd5648595367330ba650b25f55ca389fc3941dc47a36d141934883afe68b35
SHA512

9da5d2347d17460a8fdb32a44f3be864bd05b6105ef38077de305a860a19b104c8302d9b159f8b0175feab6728e22c98a36117ef2027938cd5611814e6e633e8
SSDEEP

3072:rSUUqZP6cAbiVWacCdDkdg2K8JkNc3nRUsGqjaD:mUJ6cTVNxdDkdZv9nRBFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19cecc68ee15f7d6c116860279279fad_JaffaCakes118

Files

19cecc68ee15f7d6c116860279279fad_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0d9e7a3d840de98f875cf4061686c879

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\njLwfprkYBuz\cxcgMxvbpdDXjOwQzp\gzdiiwmqpmoqoBQ\nUnSajUdtdns\MbwDbldqhpVynhCBisPxFE\AwtrkXUftxEzguf\QyJuWqwoxhkKnffrbplla\fvqmcoNfuqcqeeGSl.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoInitializeIrp
KeInitializeTimerEx
RtlGUIDFromString
strncpy
RtlEqualUnicodeString
KeCancelTimer
RtlIntegerToUnicodeString
KeSetPriorityThread
RtlInitializeBitMap
CcFastCopyWrite
RtlCharToInteger
ZwAllocateVirtualMemory
RtlFindClearBits
ExSetTimerResolution
MmUnmapLockedPages
ExDeleteNPagedLookasideList
FsRtlIsFatDbcsLegal
RtlCheckRegistryKey
RtlEqualString
ZwQueryVolumeInformationFile
IoGetDeviceObjectPointer
PoRequestPowerIrp
ZwQueryValueKey
FsRtlIsNameInExpression
RtlInitString
RtlCompareString

Sections

.text
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ