81cd556f1a60dba880fa178a2ef7cf6c_JaffaCakes118 | Triage

Sharing

General

Target

81cd556f1a60dba880fa178a2ef7cf6c_JaffaCakes118
Size

38KB
MD5

81cd556f1a60dba880fa178a2ef7cf6c
SHA1

6de3848be165b70434a4870415ba800fec4c724a
SHA256

c623117661186dc943fb873eb335c64967f7c6f720f4d3aa5d3dbf464e315217
SHA512

76be585998b3bc3054415fd5fadd47826fbfad000e808118b32bcd0887093e6149e08ee75255301a13022399806af69e715b02558bfadf5cbaa0eab62468a963
SSDEEP

768:XjHkf310tz1zY+PlnnLy4gEQnegPkKjEX:If1szrZ2EQe5KjEX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81cd556f1a60dba880fa178a2ef7cf6c_JaffaCakes118

Files

81cd556f1a60dba880fa178a2ef7cf6c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8448a5e46119ab2c1f1f991b06a5efc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\aqdcuf\vzWyzzk\PxzOEe.pdb

Imports

ntoskrnl.exe

IoInvalidateDeviceState
RtlEqualString
RtlPrefixUnicodeString
PsLookupThreadByThreadId
KePulseEvent
RtlInitializeUnicodePrefix
RtlxUnicodeStringToAnsiSize
KeInitializeMutex
RtlFindClearRuns
IoReportDetectedDevice
KeUnstackDetachProcess
IoDeviceObjectType
KeQuerySystemTime
KeInitializeTimer
ZwReadFile
RtlRemoveUnicodePrefix
MmProbeAndLockPages
IoAllocateMdl
KeSetKernelStackSwapEnable
IoFreeMdl
IoCreateSymbolicLink
RtlInitString
RtlCompareString
KeRundownQueue
RtlEqualSid
RtlAnsiStringToUnicodeString

Exports

Exports

?aEhxbqcFvoTuiycg@@YGFPA_NM@Z

Sections

.text
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ