63d208e59a8ab776a1f14688d6ec9aa1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63d208e59a8ab776a1f14688d6ec9aa1_JaffaCakes118
Size

35KB
MD5

63d208e59a8ab776a1f14688d6ec9aa1
SHA1

ab6712cbefe636ff68c8709e5ca887bf0f26d799
SHA256

74d650fa56e5e167340e8494a34270cf15ccc4eb1c0a08bedeab56c174b7047b
SHA512

888f2d9021078a7a52fce93592e73fab362c903a3cb211332f6f2af1d659e3afc8d85c961847e546736de682daa5886549f406fc70fc7bd450d61df874f5c523
SSDEEP

768:Iez289iu7dik/slWG8kH/fOAfFR/WE473v:Ie689ik4uSbuE4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63d208e59a8ab776a1f14688d6ec9aa1_JaffaCakes118

Files

63d208e59a8ab776a1f14688d6ec9aa1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6ef61b9c22ea73bc37086353e04b90ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\kknrgw\glmcx\fjqlax\axWwg\vRtEwm.pdb

Imports

ntoskrnl.exe

RtlInitString
RtlSubAuthoritySid
ZwDeleteValueKey
RtlQueryRegistryValues
PsSetLoadImageNotifyRoutine
MmGetPhysicalAddress
MmFreeContiguousMemory
ExGetExclusiveWaiterCount
atoi
IoStartTimer
RtlCompareMemory
KeReleaseMutex
RtlCompareString
PsLookupThreadByThreadId
MmIsAddressValid
RtlCheckRegistryKey
IoRemoveShareAccess
PoRegisterSystemState
IoCreateDevice
IoDeleteController
ObQueryNameString
KeInitializeSemaphore
RtlEqualString

Exports

Exports

?gURclpxgSckygxWUr@@YGJE@Z
?MCnHkKbrqmEaqJQ@@YGHPAE@Z
?oTQmqss@@YGXPAG@Z
?IsvxykinmAFiwoat@@YGPAHF@Z

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ