f53d4ecc65ebf136d2bf8cdf0990ba9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f53d4ecc65ebf136d2bf8cdf0990ba9a_JaffaCakes118
Size

44KB
MD5

f53d4ecc65ebf136d2bf8cdf0990ba9a
SHA1

7850b49c4cd564539224c1d2b7de5df4ad491bb3
SHA256

900a404336d045db9fd8d91b356efde1ffd8972076882776feb1f4859d0f8aa1
SHA512

03f8b4eaecc9b92bfe22460b508a30a7bf48d4637d4e17f626219fd931918a2c677b6ebd22fa654fd94432e2107e6be37f5326de9097bf86f1cf179b70e11e80
SSDEEP

768:GUE/xqI5y6juG0yTgN868zFUIu4NyGFn9nX6G9crkjFudJCVW:GUIxqcXSGtTgGSkyYnVX6G9cEZW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f53d4ecc65ebf136d2bf8cdf0990ba9a_JaffaCakes118

Files

f53d4ecc65ebf136d2bf8cdf0990ba9a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1606d0102e1dbc0846494bc7ce2391e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\azgbH\nfpz\xRrC.pdb

Imports

ntoskrnl.exe

KeInitializeQueue
MmFreeNonCachedMemory
IoAttachDeviceToDeviceStack
RtlCompareString
IoAllocateController
RtlEqualString
RtlInitializeBitMap
RtlInitializeUnicodePrefix
PoSetSystemState
RtlAppendUnicodeToString
SeQueryInformationToken
MmSecureVirtualMemory
IoBuildPartialMdl
RtlSecondsSince1970ToTime
RtlTimeFieldsToTime
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
IoRemoveShareAccess
PoSetPowerState
PsGetCurrentThread
RtlInitString
RtlDowncaseUnicodeString
IoReuseIrp

Exports

Exports

?nvIqclp@@YGMPAME@Z

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ