8901158b18d853db26c420dff99f523b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8901158b18d853db26c420dff99f523b_JaffaCakes118
Size

73KB
MD5

8901158b18d853db26c420dff99f523b
SHA1

629e6cc90ef3d82a0da7a1b1a357bb798ab91007
SHA256

57dec2c242f97bfdb77f060a14a08300e64c9b4a05790dcebb73b3cb2e18f439
SHA512

8041b4b2892bdfccde41246e88017e06f71bce7ed701f7e15eeeb14cc9ef239eafc4d8ab680d08abd593ac5c7c26c70608fa336bf41de93160f32b01305e04b8
SSDEEP

1536:0o36+P02vXyk0Sw13qEvNJZrkljnqTUEe4Z8E4yqyot1E:0p+P02vuHNXSjqTUDi8E4yTot1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8901158b18d853db26c420dff99f523b_JaffaCakes118

Files

8901158b18d853db26c420dff99f523b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cf51e8f7684a6e438b381745912831cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\toqyCebzspaDO\optrfyoKdm\uPGpazafnaacl\zUjfvYlmmro\kmtwtUlbjcv.pdb

Imports

ntoskrnl.exe

RtlUpperChar
IoStartTimer
SeValidSecurityDescriptor
IoGetDriverObjectExtension
RtlSetDaclSecurityDescriptor
IoGetDeviceInterfaceAlias
IoSetDeviceInterfaceState
KeBugCheck
RtlEqualUnicodeString
RtlClearBits
RtlInitString
RtlEqualString
ZwFlushKey
KeInitializeDpc
RtlInitUnicodeString
MmPageEntireDriver
RtlCopyUnicodeString
KeDelayExecutionThread
KeInitializeDeviceQueue
RtlCharToInteger
RtlInsertUnicodePrefix
MmFreeContiguousMemory
SeTokenIsAdmin
FsRtlIsDbcsInExpression
KeFlushQueuedDpcs
RtlAreBitsClear
RtlClearAllBits

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ