b1efa908b7ab9c4c0b14505495510ab9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1efa908b7ab9c4c0b14505495510ab9_JaffaCakes118
Size

35KB
MD5

b1efa908b7ab9c4c0b14505495510ab9
SHA1

dbe0eb8af26ffd3c7e151dfce5c50b2564cb11a0
SHA256

5daeac4f16fa58e57ca554651328a37a9c864bfa52e856ca849ac24681e1571a
SHA512

c8721eb42512a55e933311dac031348ceb9ce14d6a43a3322ba51376d7f9d83a0ed44a2da67cae20e464e192ec771e7e0be01682f83ef666c544c6597d5c41c9
SSDEEP

768:7z/xX6AVXREp6pyt0LT2MWyvjRODqKFuK:7tKp6p4zyFEZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1efa908b7ab9c4c0b14505495510ab9_JaffaCakes118

Files

b1efa908b7ab9c4c0b14505495510ab9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8e796b1d6e19ca82aa10316784c04328

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\PuIqh\ipduv\zQzcdtz\qIxm.pdb

Imports

ntoskrnl.exe

KeCancelTimer
RtlEqualUnicodeString
SeCreateClientSecurity
FsRtlIsTotalDeviceFailure
RtlInitUnicodeString
RtlInitializeSid
RtlCopyString
PoSetSystemState
IoSetDeviceInterfaceState
ExDeleteNPagedLookasideList
KeQueryInterruptTime
strcpy
KeSetPriorityThread
RtlCompareString
RtlEqualString
MmFreeContiguousMemory
RtlFillMemoryUlong
KeInitializeTimerEx
RtlInitString
KeRemoveByKeyDeviceQueue
RtlInt64ToUnicodeString
FsRtlCheckOplock
RtlIntegerToUnicodeString

Exports

Exports

tsd__kpP_
F_SZY_FGPdxfcyqy_gube
psusN_XQW_YSC_XX__J_UEKrh_t__avjtbFLFdaYs__hob
XX___CF___uMMC_Wo_XZ_GP_N

Sections

.text
Size: 15KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ