3f620f028eeeb1c608c59a20a1c0551a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f620f028eeeb1c608c59a20a1c0551a_JaffaCakes118
Size

65KB
MD5

3f620f028eeeb1c608c59a20a1c0551a
SHA1

459abb3567190b720ded11db40a92825e9bc34d5
SHA256

30d5b37d5cd6d3338779c24190899e032d50f985342b6f97859eca0e0db64ac2
SHA512

798c5382d8c983a645b8cd2465938b0a775a68b1b3784d447bc4b158817633bc484f2db5d51cb3ec36dee163e7429dd90371d1569349577bc7f0295857b64620
SSDEEP

1536:WBB5uZXu09Z+AcCBl/DSJVWOE8N1vLbYAg:yB5uZpZ+AVBl/DSJVWLIRbYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f620f028eeeb1c608c59a20a1c0551a_JaffaCakes118

Files

3f620f028eeeb1c608c59a20a1c0551a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b2f5fb012d535b5d58518758423dadd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\nfScPMyHzrx\prLxczotdoqkPowuvskq\lgmzhihYBcscd\uowqIqdvjpbvrWiGJwp\bnwmdlgupywiocOZer\wkkiptqejtAWwRoBrhKbl\jJrAjnYyLbjiiecDwl\zVyfIoRjnvpx.pdb

Imports

ntoskrnl.exe

ZwDeviceIoControlFile
RtlInitString
strncpy
KeWaitForMultipleObjects
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlCreateUnicodeString
FsRtlLookupLastLargeMcbEntry
KeCancelTimer
KeQuerySystemTime
IoCreateNotificationEvent
ExReleaseResourceLite
RtlTimeToTimeFields
RtlSecondsSince1970ToTime
RtlCharToInteger
RtlEqualUnicodeString
ExSetTimerResolution
IoFreeWorkItem
MmResetDriverPaging
KeInitializeQueue
RtlCompareString
RtlEqualString
KeInitializeTimerEx

Sections

.text
Size: 23KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ