eddfe361fe83701a517acd0903dd88e0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eddfe361fe83701a517acd0903dd88e0_JaffaCakes118
Size

42KB
MD5

eddfe361fe83701a517acd0903dd88e0
SHA1

b084067de83754b24d17a962f0f4247be46725d5
SHA256

a6271888286c1aaf4929c20f76f137936f548369e26a5f986278014960082791
SHA512

402c86b801d9a69a7faa8adce2842af8b9a44290461c4b72c53f33c37d853c0f35f9130359b4e27ba32cf3e66318d178bd7615cb66cfef2c13e85a30151f29a3
SSDEEP

768:p+WT2OFpNdZv5alPs6yq3W+aELNv6MifDNM73Hxp4PgTkTf:p+fOFpNV0hyqWrMi2rRpR8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eddfe361fe83701a517acd0903dd88e0_JaffaCakes118

Files

eddfe361fe83701a517acd0903dd88e0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeRemoveQueue@4
__KeRemoveQueueEx@0
__KeRundownQueue@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ