ceb7ce12e043d2351cac8d3ff5589d9d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ceb7ce12e043d2351cac8d3ff5589d9d_JaffaCakes118
Size

443KB
MD5

ceb7ce12e043d2351cac8d3ff5589d9d
SHA1

acd9281c4fff47593df655469627f2035c10802e
SHA256

d767c28d302c3af5326e6c12206f48e04fc973f8c4686877d7b7df36e8c73773
SHA512

3f603ab31dec984bff11a15734e2b3b7a0c1fc75a1eb2f52774e6e483d27b6d6bccead038563765200e648861deaaa87b425458f7ced60fe06c4278702b2b659
SSDEEP

6144:ALZBfdHIrMbA96Vid9szw77k6M8i1cES128JV3Lk1q13+pKSSFxi8d0Q7kTUxYcP:A3dHkJs0MO128JtpuY9ccSI8tAZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceb7ce12e043d2351cac8d3ff5589d9d_JaffaCakes118

Files

ceb7ce12e043d2351cac8d3ff5589d9d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

71b21e0f1605aafa751adcc0ece8456e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\kfiGafgzfyZ\HHxfkDcpo\cViuziqrgTjzF\bqKphOekn\yDlpJbnrjDblp.pdb

Imports

ntoskrnl.exe

RtlFindUnicodePrefix
RtlEqualUnicodeString
MmLockPagableDataSection
CcPreparePinWrite
FsRtlFreeFileLock
RtlCompareString
RtlAnsiStringToUnicodeString
KeWaitForSingleObject
RtlInitUnicodeString
RtlInitString
IoSetThreadHardErrorMode
ZwMakeTemporaryObject
KeQueryActiveProcessors
IoStartPacket
ExGetPreviousMode
RtlEqualString
RtlHashUnicodeString
IoGetDeviceInterfaces
KeSetTimerEx
_wcsupr
RtlInitializeBitMap

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.type
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ