f011204eb57d0ae9997d1d0f080a87de_JaffaCakes118 | Triage

Sharing

General

Target

f011204eb57d0ae9997d1d0f080a87de_JaffaCakes118
Size

159KB
MD5

f011204eb57d0ae9997d1d0f080a87de
SHA1

c5d14dbdb7f3c0aaed271f0e228993321940ce04
SHA256

54805b217c3c1a395c10c6cd487ce2f76db54028af2c41d6930ec866f6b14e79
SHA512

7bbf70727652940518f3a02e3919858845a739b7914abb144f0eca7d2aec1276d6e2314e36729f0fe16dd3a06388c254bcf8d5e95c6a7629c53fa27de7aae7c3
SSDEEP

3072:cBpEiaoiaSSL/qY0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:cBpE6L/rzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f011204eb57d0ae9997d1d0f080a87de_JaffaCakes118

Files

f011204eb57d0ae9997d1d0f080a87de_JaffaCakes118
.dll windows:5 windows x86 arch:x86

75044bd629656df732b8899213bbc484

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\grlgvUj\sawzxuK\ngCYaQgGyvp\yhczOefqymspda.pdb

Imports

ntoskrnl.exe

IoGetRequestorProcessId
PsGetCurrentThreadId
KeInsertByKeyDeviceQueue
PsCreateSystemThread
RtlIntegerToUnicodeString
IoBuildPartialMdl
RtlInitString
RtlEqualUnicodeString
RtlUpperChar
SeDeassignSecurity
RtlInitUnicodeString
IoAllocateWorkItem
IoReuseIrp
RtlInsertUnicodePrefix
KeWaitForSingleObject
CcFastCopyRead
RtlGUIDFromString
RtlInitializeUnicodePrefix
IoSetShareAccess
IoSetSystemPartition
IoSetDeviceInterfaceState
RtlCompareString
IoReleaseCancelSpinLock
IoCreateSymbolicLink
IoInitializeIrp
RtlEqualString

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ