d3a15a3d89a26286cbd481316129cfa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3a15a3d89a26286cbd481316129cfa9_JaffaCakes118
Size

73KB
MD5

d3a15a3d89a26286cbd481316129cfa9
SHA1

9f2401593c723141b3c0e05a114d1a7049ef5f1c
SHA256

82d9c0623a5dc0a56e36f19df0062b48cf0d562350da319a36be4d2013cb0841
SHA512

8b1e4753e1ddda71a47105095924472c6ec0111deeb110b731c71b449e688851f539e3084c085383ad49b4e259e2a90bfa1fcb535c0f9977898352f251e4dce7
SSDEEP

1536:BTd6PF1/ogwZdMTdiSZ5ZwvQhyEWuShzUqkE7h47vN:16/ogwjydiSLZwlLhQqDhYvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3a15a3d89a26286cbd481316129cfa9_JaffaCakes118

Files

d3a15a3d89a26286cbd481316129cfa9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

09b2536c00619fe622ed3292534e9744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\onpqqQyd\fjXbpcki\NHkkeayds\emtaOtwh\gIpvtyfzoxz.pdb

Imports

ntoskrnl.exe

CcFastCopyRead
RtlUpcaseUnicodeChar
RtlCompareString
RtlInitAnsiString
RtlHashUnicodeString
ObCreateObject
RtlEqualString
IoDeleteController
KeRegisterBugCheckCallback
RtlInitUnicodeString
IoInitializeIrp
RtlInitString
RtlEqualUnicodeString
RtlClearBits
KeFlushQueuedDpcs
ExIsProcessorFeaturePresent
CcCopyRead
RtlInsertUnicodePrefix
ZwCreateKey
KeEnterCriticalRegion
RtlUpperChar
KeInsertByKeyDeviceQueue
ExReleaseResourceLite

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.type
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ