88f092435e82d143df9126d52359454c_JaffaCakes118 | Triage

Sharing

General

Target

88f092435e82d143df9126d52359454c_JaffaCakes118
Size

43KB
MD5

88f092435e82d143df9126d52359454c
SHA1

6ab61a9a8cb7d6b4833978c8831960c7b1be28a9
SHA256

1c713ce5e76bdd02c969e29807ec5365e05f58362ee2105c5b98e20d7c4b87ab
SHA512

d59160a8fff2f28d08b069108196b2c72e3121e6867cda7d830eff0505662d41f8fc103b4fb78440e1b3375b53b4e7a69195ea845689fbb317566e7ed19c926b
SSDEEP

768:gIIGiUYpm/+Ur2sr+TQAZJMOVGANoIoVk1otaN349Vn78K9c5tiA3uUO+1+taTJ:gQLYW+Ur52Z+jaoVoRW3NUO+X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88f092435e82d143df9126d52359454c_JaffaCakes118

Files

88f092435e82d143df9126d52359454c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8a6af2c983d3693683be86b8d122267f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\yAvyldo\sCtpnxQn\oKcEing.pdb

Imports

ntoskrnl.exe

KeSetBasePriorityThread
RtlFindClearBits
ZwReadFile
RtlCompareString
SeQueryInformationToken
SeTokenIsRestricted
ExUuidCreate
CcIsThereDirtyData
IoStopTimer
IoGetBootDiskInformation
RtlEqualString
RtlLengthRequiredSid
MmQuerySystemSize
ZwCreateSection
IoFreeMdl
KeBugCheckEx
MmUnsecureVirtualMemory
RtlLengthSecurityDescriptor
IoAcquireCancelSpinLock
RtlInitString
RtlDeleteNoSplay

Exports

Exports

?RbljqaWOFfctwfal@@YGNH@Z
?lctyeJNzdUjx@@YGXPAEPAD@Z
?zabZasA@@YGEPAG@Z
?whekOHfxpep@@YGXH@Z

Sections

.text
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ