f2278e66b2eab398d8378a8adbb1c402_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2278e66b2eab398d8378a8adbb1c402_JaffaCakes118
Size

33KB
MD5

f2278e66b2eab398d8378a8adbb1c402
SHA1

9c56703823ba4fbbfa383bab4c54ae5cdf2de7aa
SHA256

0ec30d6ee334ef6906beda2b7ee41672eca77e7c0fdbc8a15437232fabd37122
SHA512

0bd29a83c19eeeb919847cb0bc8d9f970fb6b29d1ed6cd26a905bc47d283b17cae153c0dd1b2aa0aed995f950cd0f0bde6364142e3cd27835785fdbbe5d3736c
SSDEEP

768:G9sXSUVHKyBA3ZaPr921QiR16AhiZu3aI2pfbTf:G940nZTCiR16U3aI6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2278e66b2eab398d8378a8adbb1c402_JaffaCakes118

Files

f2278e66b2eab398d8378a8adbb1c402_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8d15c6877f983888fc3abb64ea4ab909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
ZwDuplicateObject
RtlFreeAnsiString
RtlCopyString
_wcsrev
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeInsertHeadQueue@4
__KeInsertQueue@0
__KeReadStateQueue@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ