PDB path: I:\vUKU\trEhx\fUEhrXEP.pdb
Static task
static1
Behavioral task
behavioral1
Sample
29fd476df7998416fd0fdfc3228d0805_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
29fd476df7998416fd0fdfc3228d0805_JaffaCakes118.dll
Resource
win10v2004-20240704-en
General
-
Target
29fd476df7998416fd0fdfc3228d0805_JaffaCakes118
-
Size
51KB
-
MD5
29fd476df7998416fd0fdfc3228d0805
-
SHA1
3e4c952333ef96d43be9758ca87049dba3a61327
-
SHA256
6a769d87aea7ab439809b9b48902a79e1c29c95fab7979862ac6d97d2b2f6faa
-
SHA512
3a9f50488379a6cf419a0bc52a179eb7b83e4f083521cd31cdc5a8f097858a79d47562d4edf5e3d596f6a395ea5d6c143c2459b81fc825b4f0abb9c19dc20202
-
SSDEEP
768:o1mLmwiu+jQFzO9NmiU09DftShm6y9XHWiHUmT+5FLZj5fXnS0LT91qAcg:9iri6TmuFlcliHE1SwaA
Malware Config
Signatures
-
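Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The check matched this sample, so the file's publisher and integrity cannot be verified from a signature; an unsigned PE is a weak indicator by itself and is best read alongside the imports, exports and section flags listed below.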
resource 29fd476df7998416fd0fdfc3228d0805_JaffaCakes118
Files
-
29fd476df7998416fd0fdfc3228d0805_JaffaCakes118.dll windows:5 windows x86 arch:x86
2151e544d95c6c40e52a285c77bcbc86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntoskrnl.exe
strcpy
FsRtlFreeFileLock
KeReadStateEvent
IoCreateDevice
ObQueryNameString
ExReinitializeResourceLite
SeValidSecurityDescriptor
KeCancelTimer
RtlInitUnicodeString
FsRtlNotifyInitializeSync
RtlEqualString
KeInitializeTimerEx
RtlIntegerToUnicodeString
RtlMultiByteToUnicodeN
RtlEqualUnicodeString
MmIsAddressValid
RtlCompareString
IoDeleteDevice
RtlInitString
Exports
jnofuLALC_VNVQUhfvhscg_B___AVsi
OBWF_AYt_zv_umUJY_F_wlOaofrso_v
e_qiftuu_kJIR__X_fuWKXJEEFT
DFG_bjfeafjfNQP_PGX___MyN_M_Nkw_sfwwf_xfw
gxctCR_j__tddJ_S__KC_DYVAW__CGJimb_mqlxz_jG_Y_SPHk
ebwG_NnWP_MWbu_SDY_dvMXXR_U_TmwOekzmxhcZ__WXTCx_msVwbz
JE__P_WJEEYS_CMkIF_ABUEmmugnIZRWxsgeOR_LGM
sc_YR_DMYJILJFGUxl_G_NW_A__LKV_
IPVR_Szpfkkm_dk___c___m_eZBfrvKAIP_B_WANu_vu_lmypgS
xKZMNI_vbrxfYD__Oyb_cc
v_iulywwxPBC
IOLH_TSWEHF_py__vnkboa_tajeiraBTRUNKkwxk__k_mZ__GEH_j_lu
Ms_myzix__o_ztovOJfezu_ih_wFUYRHK__HBA_AGRWSepetxqYR_
ZECCU__FNVEGrgt_tYM
dluegm_figr_nuhq_x__d_QPHJ_Bg_im_d
i_sppssl_JIKQ
C_QM_Nbuxl__s_F__O__TEbIM_X_XYnnf__MPOC
Sections
.text Size: 24KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ