447a114d0dd0ce3b4b77245a9e7da77e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

447a114d0dd0ce3b4b77245a9e7da77e_JaffaCakes118
Size

81KB
MD5

447a114d0dd0ce3b4b77245a9e7da77e
SHA1

0bd47296707c10ec9d9ab2cc0e0541d99f093c0d
SHA256

923be67b908c82e6de9c1b490bd88f9075cd8047b3e0377b2cd1b605a54af2ea
SHA512

7da81205d0e9eef6b4ee01c316b2436fa467f6b56f60b66787cdf917274e9ef76dca8712972e43d6737dd31cf6c8ef4f0d688c06ebc58f34332fc9e476a3adf2
SSDEEP

1536:NWXY2GI8U8QlsnErZQ5BMaRsB45gwbEREXjt:Mo2GKbSE1QjMaRH5toRAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447a114d0dd0ce3b4b77245a9e7da77e_JaffaCakes118

Files

447a114d0dd0ce3b4b77245a9e7da77e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9b91e371b7f31d56bae1417fb809dedb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\malcbmsamoOjWz\fgGjayb\emsHXeEzhTzi\TkDKpquKYWm\vVcbjkYbSmsbwh.pdb

Imports

ntoskrnl.exe

RtlInitString
RtlIntegerToUnicodeString
RtlNtStatusToDosError
RtlCompareString
RtlUpperChar
RtlInitUnicodeString
ObReferenceObjectByHandle
strcat
RtlEqualUnicodeString
SeValidSecurityDescriptor
ZwCreateDirectoryObject
KeInsertHeadQueue
IoGetDeviceInterfaceAlias
ZwAllocateVirtualMemory
RtlEqualString
FsRtlIsFatDbcsLegal
ZwQueryInformationFile
RtlDeleteNoSplay
ZwMakeTemporaryObject
MmFreeNonCachedMemory

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ