cdda71812c9a23bda8e13233124af379_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdda71812c9a23bda8e13233124af379_JaffaCakes118
Size

38KB
MD5

cdda71812c9a23bda8e13233124af379
SHA1

e476bf8c6c4bcecbec82079e55037bef0c9e0a8e
SHA256

1c7a188e944c02c9b46e96d403b8f2f54c3f52f23be926dca552f1a20bf59e03
SHA512

43313d03ad99343e1e5f26f81f1364877944eed284e75e897baae95c3a9740bcdd0ea9039130af35ac866bc027559c577d771a32f62053968ba4bcc2990e8be2
SSDEEP

384:DIXweAui5biAhQwJcqqQ4NW9wQHB/e1BQ/RYG0iOoNB0tGTdwCGX4vDf//eAOXI4:sXs/+QCWGQHB/esOoNueTH/fOAfFR/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdda71812c9a23bda8e13233124af379_JaffaCakes118

Files

cdda71812c9a23bda8e13233124af379_JaffaCakes118
.dll windows:5 windows x86 arch:x86

515971defe194b17cefc907614cb3817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\mkfgQu\ffvfKi\yjzKqNAD.pdb

Imports

ntoskrnl.exe

FsRtlIsNameInExpression
ZwOpenFile
KeRemoveDeviceQueue
IoMakeAssociatedIrp
RtlInitializeGenericTable
RtlNtStatusToDosError
CcZeroData
RtlEqualString
CcFastCopyRead
CcFastMdlReadWait
IoWMIRegistrationControl
FsRtlCheckLockForReadAccess
RtlInitString
IoSetSystemPartition
IoGetDeviceToVerify
IoCreateSymbolicLink
ZwDeviceIoControlFile
RtlRandom
RtlxUnicodeStringToAnsiSize
RtlCompareString
IoUpdateShareAccess
SeTokenIsRestricted

Exports

Exports

?nJbkmqdaXfqcLerHWr@@YGPAXPA_N@Z

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ