1aa92c99d1eff305b83074bfb3466705_JaffaCakes118 | Triage

Sharing

General

Target

1aa92c99d1eff305b83074bfb3466705_JaffaCakes118
Size

135KB
MD5

1aa92c99d1eff305b83074bfb3466705
SHA1

4b323410e63cd78b74083bb2d948f4d560a89433
SHA256

5a79ddac38c0e82fe0ba52c3e97713a8a9b49fb373f43af2fac0d58d5e658408
SHA512

aa135eb6a08c0f154bebc91f8d98636f90999958ca590c326bad1dc677c61a28d460837eaf32079ccd2f77626d68902bf6cdf12cbb861894954913ccbba58224
SSDEEP

3072:vzNRwXCVeCtcInj8xlGYd0ct0j24z3pGNBFKXU3Wao:vzNaXMdnj8yY+ch4z3wFKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aa92c99d1eff305b83074bfb3466705_JaffaCakes118

Files

1aa92c99d1eff305b83074bfb3466705_JaffaCakes118
.dll windows:5 windows x86 arch:x86

64a6d321e035acccb165415da57c80f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\nnxqzstgw\iOABikxeesgy\pwhredMbl\tsamfKGT.pdb

Imports

ntoskrnl.exe

CcFastMdlReadWait
RtlUpperChar
KeInsertDeviceQueue
KeRemoveQueue
RtlWriteRegistryValue
KeReleaseMutex
RtlEqualUnicodeString
strcat
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlFindNextForwardRunClear
IoCheckShareAccess
FsRtlIsTotalDeviceFailure
RtlCompareString
KeReadStateTimer
RtlPrefixUnicodeString
IoGetDmaAdapter
ZwMapViewOfSection
RtlEqualString
RtlInitString
IoGetAttachedDeviceReference
MmUnlockPagableImageSection

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ