decb1f411f78d19d1b41f3b451e05157_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

decb1f411f78d19d1b41f3b451e05157_JaffaCakes118
Size

43KB
MD5

decb1f411f78d19d1b41f3b451e05157
SHA1

decf9034b53faf77df088bf021d176988b91a4a5
SHA256

5f1330352dc82647568f965400777f316127b1a7613aa7c0dd1373c1a7f0e4d9
SHA512

a9a0b3adf16f6b8d0d40771ea62bab72d891e4e07bf2fd87125ff75fb141242bc0f4a68d80ac48b1e443cdc7b6a9859a8e6400e7a17af33ce2e4101825c72d48
SSDEEP

768:jndbT14x2+mn0prL+UKNs/eQJOt9crkjFud:jx14xdmn0AspJOt9cE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decb1f411f78d19d1b41f3b451e05157_JaffaCakes118

Files

decb1f411f78d19d1b41f3b451e05157_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1b635cec4ff99dc1ce1571830b0ba77a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\keYgjg\VqWVcfr\gbwA\SNuyphn.pdb

Imports

ntoskrnl.exe

KeQueryTimeIncrement
RtlNtStatusToDosError
RtlEnumerateGenericTable
PoSetSystemState
RtlCompareString
RtlEqualString
IoStartNextPacket
KeUnstackDetachProcess
RtlUpperString
ExSetResourceOwnerPointer
RtlOemStringToUnicodeString
ExUuidCreate
PsGetCurrentThread
ObReferenceObjectByHandle
KeBugCheck
IoDeleteController
RtlInitUnicodeString
MmPageEntireDriver
KeRestoreFloatingPointState
MmQuerySystemSize
RtlInitString
IoAllocateErrorLogEntry
IoReuseIrp
MmAllocateContiguousMemory
IoStopTimer
RtlUpcaseUnicodeString

Exports

Exports

?oqizmtnlxoklRx@@YGIPAMPAJ@Z

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ