22a31e238eadaacf44d51c99528e2612_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22a31e238eadaacf44d51c99528e2612_JaffaCakes118
Size

46KB
MD5

22a31e238eadaacf44d51c99528e2612
SHA1

b980ac5a6187f7f33d5599bee1b10778c5e8ba27
SHA256

630b73cb3476e43ffb672aa01de6a4115c673bd64417cda329d49185d7dbf3bb
SHA512

12db1fd6b45056828af363d32cf2b50f395494ea18f29302458a55ea8c8d7733fd86ef549493af02bbd696f78370d98d2375e72465198907624fb7d91fee9468
SSDEEP

768:0Qw11MD1TFAe1zYU6J6wIIZMeErgFRXuynQIpWkICupN:Tq1MRTFTzPwIIZMeig+yH4p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22a31e238eadaacf44d51c99528e2612_JaffaCakes118

Files

22a31e238eadaacf44d51c99528e2612_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bc0620bc360a98fd22dac7c60e09c6ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\okpWsU\Lnqwxu\kugF.pdb

Imports

ntoskrnl.exe

RtlGetVersion
MmGetPhysicalAddress
RtlFindLeastSignificantBit
RtlCompareString
KeSetKernelStackSwapEnable
RtlInitString
KeSetTimerEx
MmProbeAndLockPages
FsRtlLookupLastLargeMcbEntry
IoMakeAssociatedIrp
ZwMapViewOfSection
FsRtlSplitLargeMcb
RtlRandom
MmUnmapIoSpace
RtlGetNextRange
ExSystemTimeToLocalTime
IoBuildSynchronousFsdRequest
RtlSetDaclSecurityDescriptor
RtlEqualString
MmSecureVirtualMemory
SeValidSecurityDescriptor
CcCopyWrite
IoFreeController
MmLockPagableDataSection
RtlCopyUnicodeString
KeRemoveEntryDeviceQueue
KeClearEvent
RtlUnicodeToOemN
FsRtlNotifyInitializeSync

Exports

Exports

?xlhEuQwhqhNjLOx@@YGPADEPAN@Z
?wptmUerlpRDy@@YGIPAJ@Z
?bdbmdGkfnR@@YGPAFD@Z
?wutMyfCCQNgRjHqlwdLidG@@YGHPAK@Z

Sections

.text
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ