fe085b77a7b40f6dbda6c987ee8fe548_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe085b77a7b40f6dbda6c987ee8fe548_JaffaCakes118
Size

159KB
MD5

fe085b77a7b40f6dbda6c987ee8fe548
SHA1

9f0d4f83c996025623badbcfafdfcef84a6470fe
SHA256

7117377acd4437e932eb3974480ea406ccaf24aacd6c3495baf651cd6cd784a2
SHA512

bcc36cb21e691b7c48d640382fa70b15f72213ac719192bdf07e805a2fe46c6438f07ff24a5847bed14220ec04b37feb0f3d83e906f296b5d0569dd40db2a9d5
SSDEEP

3072:XZ+ROlWFY69NrdlQzXVPkD6c2FfL26HQnZ3gXk23s5Pa+jB3fwLEx:piZswL2FfL3yJaU3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe085b77a7b40f6dbda6c987ee8fe548_JaffaCakes118

Files

fe085b77a7b40f6dbda6c987ee8fe548_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f78d48b7d1ce0d096cc0ced59ac44afb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\xvplpNDNS\mzTLwulEzcatc\tqdoUpcvhA\xehGwNfnjwomd\ubuuSeMcwvy.pdb

Imports

ntoskrnl.exe

KeWaitForMultipleObjects
ExCreateCallback
FsRtlIsHpfsDbcsLegal
FsRtlFastCheckLockForRead
ExGetExclusiveWaiterCount
RtlInitUnicodeString
ObGetObjectSecurity
RtlEqualUnicodeString
RtlFindClearRuns
IoDetachDevice
RtlEqualString
ExRaiseAccessViolation
RtlFindLeastSignificantBit
ExFreePool
ZwOpenKey
RtlEnumerateGenericTable
KeInsertByKeyDeviceQueue
KeSetTimer
ExReleaseFastMutexUnsafe
IoRequestDeviceEject
RtlUpperChar
KeInitializeMutex
MmPageEntireDriver
FsRtlSplitLargeMcb
RtlInitString
SeAssignSecurity
KeInitializeTimerEx
ZwOpenProcess

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ