fe2d76cf5b876ebf2cdec584df8b5e5d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe2d76cf5b876ebf2cdec584df8b5e5d_JaffaCakes118
Size

44KB
MD5

fe2d76cf5b876ebf2cdec584df8b5e5d
SHA1

6d4a2d5332086eb2de317da0ee9d19090bb19393
SHA256

c9cc36070b47310c66429b67a84bf2dd995e222f5ab2bf8f6a969642be378cdc
SHA512

8a4086eaf49c7ac901461831cfa162e1c7a0ea03e120bb7fa4b132e8301a97aec0646ff896662f3eb4859d4f37fd17068d0ee85d81661a686a6a78c9eeecafb7
SSDEEP

768:MA7Hfgss+wX3dZFYYnaST/o/elsi9crkjFud:/jfY+Ct8YnvTQQsi9cE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe2d76cf5b876ebf2cdec584df8b5e5d_JaffaCakes118

Files

fe2d76cf5b876ebf2cdec584df8b5e5d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b84da10762b9dc1dd26916d6255aa8db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\Fvgmiuo\voHaR\fQkc\Xyuitu\bxfozowF.pdb

Imports

ntoskrnl.exe

IoReuseIrp
CcZeroData
CcCopyWrite
KeLeaveCriticalRegion
MmFreeNonCachedMemory
KeQueryActiveProcessors
IoDisconnectInterrupt
RtlRemoveUnicodePrefix
KeSetBasePriorityThread
FsRtlNotifyUninitializeSync
ZwQuerySymbolicLinkObject
MmUnmapLockedPages
RtlCompareString
MmHighestUserAddress
FsRtlAllocateFileLock
RtlInitString
RtlEqualString
RtlGUIDFromString
KeUnstackDetachProcess
ExGetSharedWaiterCount
RtlGetNextRange
ExSetTimerResolution
IoGetDeviceToVerify
FsRtlCheckLockForReadAccess
KeSetKernelStackSwapEnable
SeAssignSecurity

Exports

Exports

?yrzlosannlwzVnafza@@YGMPAM@Z

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ