Q:\kplGYzRc\HkYhihxNHp\dkodkiammw\wsuKbAyehYH\XxxvydpRok.pdb
Static task
static1
Behavioral task
behavioral1
Sample
03d1845ea859e02b31bd66f58ad95c6d_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
03d1845ea859e02b31bd66f58ad95c6d_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
03d1845ea859e02b31bd66f58ad95c6d_JaffaCakes118
-
Size
445KB
-
MD5
03d1845ea859e02b31bd66f58ad95c6d
-
SHA1
18e1764880c839697fc4c9080098a2b5558dcf90
-
SHA256
4753227a2ae884363e41cc8122c89bf0023a748f4bb0891ffe68f5a9262c5f80
-
SHA512
44ab976ac84171f92b20686bd7e6d4fde3c9a40f3d88fab919a255b8454d04501b2019204d0104f339ccab3ed39b988a4a7ff91a60bb9eab56984493c8e27763
-
SSDEEP
6144:9s7HSc5vBZEKTHAJiKXi4LE4wxHObJ2LG24z/3nZr26tVrl/tg5o8jOcfDvecdQs:2yyfBtKy4LE4wxubJ2Li73ZpjgRdKWQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03d1845ea859e02b31bd66f58ad95c6d_JaffaCakes118
Files
-
03d1845ea859e02b31bd66f58ad95c6d_JaffaCakes118.dll windows:5 windows x86 arch:x86
571dd8aeff3405f93d1f04aaa167377a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntoskrnl.exe
SeCaptureSubjectContext
SeDeleteObjectAuditAlarm
CcDeferWrite
IoBuildPartialMdl
IoFreeIrp
SeTokenIsRestricted
IoCheckShareAccess
IoGetLowerDeviceObject
ZwCreateSection
ZwQuerySymbolicLinkObject
KeEnterCriticalRegion
FsRtlNotifyInitializeSync
IoGetInitialStack
IoWMIRegistrationControl
ZwOpenSymbolicLinkObject
KeReadStateTimer
IoDeviceObjectType
KeGetCurrentThread
RtlGetVersion
MmUnlockPages
IoGetDmaAdapter
RtlUnicodeStringToInteger
SeSetSecurityDescriptorInfo
RtlUpcaseUnicodeString
ExIsProcessorFeaturePresent
RtlIsNameLegalDOS8Dot3
CcGetFileObjectFromBcb
KeInitializeDeviceQueue
ObfReferenceObject
KeDetachProcess
MmCanFileBeTruncated
ObReferenceObjectByPointer
IoThreadToProcess
KeTickCount
IoGetAttachedDevice
IofCallDriver
IoGetDeviceInterfaceAlias
FsRtlDeregisterUncProvider
IoInitializeIrp
DbgBreakPoint
KeLeaveCriticalRegion
RtlCreateSecurityDescriptor
ZwOpenFile
KeInsertByKeyDeviceQueue
IoVerifyVolume
IoDeleteController
CcMdlRead
Exports
?IsNotPenEx@@YGPAFIGPAJG<V
?DeleteDirectory@@YGXEPAGME<V
?IsNotCommandLineW@@YGPAIGMPAF<V
?PutMessageEx@@YGMPA_N<V
?PutObject@@YGPADFPAMPAJPA_N<V
?EnumConfigExW@
Sections
.text Size: 65KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE