2954c910140f7365983f8683e73fa8b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2954c910140f7365983f8683e73fa8b8_JaffaCakes118
Size

39KB
MD5

2954c910140f7365983f8683e73fa8b8
SHA1

7835f371a58fdfb3a4c47fde29bec722aa2ab321
SHA256

54d247182d3f26abd5e9f9b4c1050ee196211fae78419bc1e6d60d78f3b9af6a
SHA512

9d1c42921ba277ebc8b61730ce5a0d8b873e9789cecb39a337d3fba2829c7f5be1bf88770953f8bee23a46636d23209464e1a7e271144cf605fbd1242ee57eb2
SSDEEP

768:Ef3g3Ad5cOU1zYBpn5J6uaq/Nin0gPkKjb:Efo45Kz21i3qA05Kjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2954c910140f7365983f8683e73fa8b8_JaffaCakes118

Files

2954c910140f7365983f8683e73fa8b8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bb284eef1b7c02259b332d058988ba8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\kbYgFNbl\HaCRaTH\kxbnfs\xbBfSWC.pdb

Imports

ntoskrnl.exe

RtlCompareString
IoCreateSymbolicLink
IoRequestDeviceEject
PsGetCurrentThread
RtlOemStringToUnicodeString
MmSetAddressRangeModified
RtlInitString
RtlAppendStringToString
RtlFindClearRuns
KeInsertDeviceQueue
RtlDowncaseUnicodeString
RtlUpperChar
RtlCompareMemory
MmFreePagesFromMdl
RtlQueryRegistryValues
ZwFsControlFile
ExReinitializeResourceLite
IoCreateDevice
RtlFindClearBits
KeReleaseMutex
RtlSecondsSince1970ToTime
KeSetImportanceDpc
KeInitializeQueue
IoAttachDeviceToDeviceStack
IoCreateStreamFileObjectLite
IoInvalidateDeviceRelations

Exports

Exports

?vAtSncCsgl@@YGX_N@Z

Sections

.text
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ