Q:\kplGYzRc\HkYhihxNHp\dkodkiammw\wsuKbAyehYH\XxxvydpRok.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cff98299ff53a09fb8e94644dd506d50_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cff98299ff53a09fb8e94644dd506d50_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
cff98299ff53a09fb8e94644dd506d50_JaffaCakes118
-
Size
159KB
-
MD5
cff98299ff53a09fb8e94644dd506d50
-
SHA1
7ca3fd579e24d1d3c104ac72d665dd3843d5bb78
-
SHA256
e73be51a7decdfa047bdfa3ff6fc4ee6c414ec65009b948c24b8a67866fe5aeb
-
SHA512
76ff5d25709988838a32d0e10d468280944977f5017c6c5b8e924a4c7f62417693ea31b8969c1947b1397296f9bd2b51a003ff20319e5590fdafb6eb8edec512
-
SSDEEP
3072:BKU9NRqDNH8gdVPkD6c2FfL26HQnZ3gXk23s5Pa+jB3fwLEx:ExNH8gmL2FfL3yJaU3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cff98299ff53a09fb8e94644dd506d50_JaffaCakes118
Files
-
cff98299ff53a09fb8e94644dd506d50_JaffaCakes118.dll windows:5 windows x86 arch:x86
571dd8aeff3405f93d1f04aaa167377a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntoskrnl.exe
SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead
Exports
?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@
Sections
.text Size: 63KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE