96e60fd6708afd5f7a784dcc85150d2a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96e60fd6708afd5f7a784dcc85150d2a_JaffaCakes118
Size

42KB
MD5

96e60fd6708afd5f7a784dcc85150d2a
SHA1

5a9cf8d8508dfe5ad46e1ec7ee0606e6e5aef00d
SHA256

a3d6f8e395dc9cc595aaa12d7a6e8f0397db05509c44d0b552f6ce1ab22f3a94
SHA512

e62b05b3dc9ea385d21550cf95d2d9ca100ea6f014ea92bb20a752968be901dac0e8184360aa34e7d39076ef83e3261bad8d5baa06884423e7d018540f2f56b5
SSDEEP

768:jVLUi4VEJ95wvvtoIaNr+THEdMOVGAK7aU2QtcOsk5/n+X5tiA3uUO+1+taT+:p4ijavJQOEijr4e/++UO+XK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96e60fd6708afd5f7a784dcc85150d2a_JaffaCakes118

Files

96e60fd6708afd5f7a784dcc85150d2a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

098fd13262953586f4f84a2b1e52ecdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tuQygl\Ajcp\qPkxdkq\qnbTq.pdb

Imports

ntoskrnl.exe

RtlStringFromGUID
RtlClearAllBits
RtlCompareString
ProbeForRead
IoDisconnectInterrupt
KeInsertQueueDpc
RtlFreeAnsiString
KeRemoveQueue
MmForceSectionClosed
KeInitializeMutex
RtlInitializeSid
RtlSecondsSince1980ToTime
RtlEqualString
FsRtlGetNextFileLock
IoMakeAssociatedIrp
IoReleaseCancelSpinLock
KeInitializeDeviceQueue
MmIsDriverVerifying
MmLockPagableDataSection
RtlInitString
ZwQuerySymbolicLinkObject
RtlTimeFieldsToTime
MmUnmapIoSpace
IoWriteErrorLogEntry
KeSetTimerEx
RtlValidSid

Exports

Exports

?bmjewaQlfhkgVtUBcwwbq@@YGGEJ@Z
?spYGpptl@@YGMEPAD@Z
?ypkEarbjfrFPdormZZjgb@@YGPADJG@Z

Sections

.text
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ