f99c2e4c20b4f6b6b5c1eafdf9abc8aa_JaffaCakes118 | Triage

Sharing

General

Target

f99c2e4c20b4f6b6b5c1eafdf9abc8aa_JaffaCakes118
Size

35KB
MD5

f99c2e4c20b4f6b6b5c1eafdf9abc8aa
SHA1

7ba0abb72658fb7ec59ac8f7b279874ea35e514a
SHA256

ab70208164fdc299a10267aa11ebeca9fde472da958b7f2f2700e065f106e0d3
SHA512

3a409bf0f59af441ead7a2ce1ef51028f7ea6d7f0b990df2119023c2a8a9ea994ec34a80a9cfcb1c072c70e2f1a6bdcf0d467a1d4f5dda0d100e36f067a178bb
SSDEEP

768:rMf5BJHPpQ4Q99Zw+/V/H/fOAfFR/WE1:onJHRc99ZVmSbuE1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99c2e4c20b4f6b6b5c1eafdf9abc8aa_JaffaCakes118

Files

f99c2e4c20b4f6b6b5c1eafdf9abc8aa_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ae5e888040231675ba3b7203f65b115c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\giTk\Vcki\hlpDJnlw\cacWvdm.pdb

Imports

ntoskrnl.exe

ZwCreateDirectoryObject
RtlInitializeBitMap
atoi
KeDeregisterBugCheckCallback
PoSetPowerState
CcRemapBcb
SeTokenIsAdmin
KeRemoveByKeyDeviceQueue
ExAllocatePoolWithQuotaTag
RtlInitString
RtlEqualString
PsTerminateSystemThread
KeInitializeTimerEx
RtlUpperString
MmMapIoSpace
RtlCompareString
RtlVerifyVersionInfo
MmGetPhysicalAddress
IoAllocateErrorLogEntry
ZwOpenFile
RtlMapGenericMask
ZwEnumerateValueKey
PsLookupProcessByProcessId

Exports

Exports

?BOlNsunspDldcpkopxrzW@@YGGMM@Z
?SygatwcJzTaAaPmz@@YGPAFPAH@Z

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ