69be5b61c0f17838e9b8c578f91ad360_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69be5b61c0f17838e9b8c578f91ad360_JaffaCakes118
Size

68KB
MD5

69be5b61c0f17838e9b8c578f91ad360
SHA1

4efc798790eb2ad6a644e15216ef8d24e9d48d92
SHA256

aab0a495c2f1d1100ab681b7838ce2980784d6e5b861001fc44588ec099b1867
SHA512

facaa68df8101373ddcd895c0ee7a72dd6e845341b41b05611e597c6e85f9acf2d266efea0d5ca0e6428b56a4967f2feaf6c5cfd2c6e17151269064331a45b6c
SSDEEP

1536:MnRS/OeCATvDw2g/XKhzxSmWXvRXBTBNUcM1o:c4FrT3GXUzIrvRxTX9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69be5b61c0f17838e9b8c578f91ad360_JaffaCakes118

Files

69be5b61c0f17838e9b8c578f91ad360_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec550b165c229dd266bd51efaacea5f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocatePool
RtlImageNtHeader
HalDispatchTable
ExFreePoolWithTag
ExFreePool
ZwSetDefaultLocale
ExIsResourceAcquiredSharedLite
KeEnterKernelDebugger
KdDebuggerNotPresent
ZwOpenSection
memcpy
LpcRequestPort
KeReadStateEvent

hal

HalStopProfileInterrupt
HalMakeBeep
KeReleaseQueuedSpinLock
HalSetEnvironmentVariable
IoWritePartitionTable
ExAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
WRITE_PORT_BUFFER_ULONG
IoFreeMapRegisters
HalGetBusDataByOffset
KeQueryPerformanceCounter
HalStartProfileInterrupt

Exports

Exports

HzEbfmcvOrfoszTvvykik
BhJtacYnp
JnjIjhsjmiCuymig
XtqNmhhtpwGetnyDslonEwi
AyinJerpjny
XvJmtebxxWmrdhaxUvpqwnsQd
HwitWbltnOmcm
SyyTxwyFktnTjvkEv
CuQmplzPznogheYhupxmf

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ