2c4d419e287b14885d406c1bc13dd62f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c4d419e287b14885d406c1bc13dd62f_JaffaCakes118
Size

72KB
MD5

2c4d419e287b14885d406c1bc13dd62f
SHA1

ae66630e85b3947817b6c05f44027a2e8116811b
SHA256

855630a7fe0cbccf2e7efcd8d05199fcbc00b8c3a22e9fa5b9e3a0c37f81be86
SHA512

f489f736c9562717c8f0aa2a1cd6071a3a32558b5ef96a4998d6fcb19db2b46f5db89a0fcb46c1f470716281398fc2c812a3a0fbdf857aa27dca627261a7481a
SSDEEP

1536:GM4nC4ANhZc01SKl8VUT5Kcvodl5w8xJXO3O:92Clr+01Vl8GT5ngdlq8x0e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4d419e287b14885d406c1bc13dd62f_JaffaCakes118

Files

2c4d419e287b14885d406c1bc13dd62f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5de75e26bdd4efbad3ccc5faa887fa7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\jekNjoxvdnzw\VybAicuxLygQmfoqsrbr\xaNvhaJwwgsthKWfvpxw\tsixTbzyIZbubWm\yfmuBdVpnSky\qkVfrmnWudQoavvulmtdqe.pdb

Imports

ntoskrnl.exe

RtlVerifyVersionInfo
RtlSubAuthoritySid
CcFastMdlReadWait
RtlFindSetBits
RtlEnumerateGenericTable
ExSystemTimeToLocalTime
IoRemoveShareAccess
ExSetResourceOwnerPointer
RtlCompareString
KeInitializeApc
RtlInitString
MmGetPhysicalAddress
RtlIntegerToUnicodeString
KeInitializeSpinLock
RtlEqualString
RtlCharToInteger
IoAllocateMdl
RtlDeleteNoSplay
RtlEqualUnicodeString
RtlInitUnicodeString

hal

HalAcquireDisplayOwnership
KeQueryPerformanceCounter

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ