f070f006f48ca8909ace9745ea1b4a57_JaffaCakes118 | Triage

Sharing

General

Target

f070f006f48ca8909ace9745ea1b4a57_JaffaCakes118
Size

5KB
MD5

f070f006f48ca8909ace9745ea1b4a57
SHA1

85ba4abb04cf9951ad07861efeb16ef317de4c39
SHA256

3e419819d4c50e96a8766d89d264ab734d9fb1a8b4e8799696c27c9f4d57a610
SHA512

b5824219c0929d7ae5f31671ddb06f581dfa22c1a5d3f3b75bdacd8d743c595dc9e100bce6eeafb31ea1c817a1427b645fa59dda22a104e961e94d422e2e4df7
SSDEEP

48:q1mxrY0ydXlqIVapTfNc9CihbbbLsvTgVc/nPRogM/:nWd5VaJVcv/bLoPeP/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f070f006f48ca8909ace9745ea1b4a57_JaffaCakes118

Files

f070f006f48ca8909ace9745ea1b4a57_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cb9f49ef13ce33949057a37072909e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IofCompleteRequest
ZwClose
ZwUnmapViewOfSection
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwOpenSection
RtlInitUnicodeString
memcpy
MmIsAddressValid
ObfDereferenceObject
ZwAllocateVirtualMemory
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ