16277348f31d506913f0a8e9170d9327_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16277348f31d506913f0a8e9170d9327_JaffaCakes118
Size

180KB
MD5

16277348f31d506913f0a8e9170d9327
SHA1

0de95dc5ad53f4218be6a05ad6cd7f1e4f1aef3d
SHA256

a2e2c390aa2a0e3173ef3dff69726d046972aab17f1b69f84ecc94d66754c76a
SHA512

ceb8caf08f579b9ca87cf6371662252f5d869a1d659247183180fe4ec98d08a1bd4eade54c7d33110ec3e903cc156c73e5918aa8f8153286f94e283ab14d5d2d
SSDEEP

3072:7kMatoFooofDpQfy/wY+N6nwBMUfgnZEeZPn0thbeeFPoYGBOdX:7kMxAmjYxeqZEEPSBjLc2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16277348f31d506913f0a8e9170d9327_JaffaCakes118

Files

16277348f31d506913f0a8e9170d9327_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3c24d1a09a3aacc3803c29c34980b44a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\TuvkkLQ\cvvXzleLpldb\Ghfyeafj\coNstOVIwzrv.pdb

Imports

ntoskrnl.exe

KeInitializeMutex
KeLeaveCriticalRegion
RtlCompareString
RtlInitUnicodeString
CcCopyWrite
RtlInitializeUnicodePrefix
RtlHashUnicodeString
_wcsupr
RtlInitializeBitMap
IoAcquireCancelSpinLock
MmSetAddressRangeModified
PoSetPowerState
RtlInitString
IoCancelIrp
CcPreparePinWrite
RtlSetBits
ExAcquireResourceSharedLite
RtlEqualUnicodeString
IoDisconnectInterrupt
ExAllocatePoolWithQuotaTag
KeInitializeTimerEx
RtlEqualString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.type
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ