f70cb165e066174f706ce08c11d94c6a_JaffaCakes118 | Triage

Sharing

General

Target

f70cb165e066174f706ce08c11d94c6a_JaffaCakes118
Size

42KB
MD5

f70cb165e066174f706ce08c11d94c6a
SHA1

56c19c5ac8e2f393db986f6ec980e4c5f3410bcc
SHA256

ddd6bee9e74ab6fb417fb3f96d59e622d1c72dd16335c458dfe15756bb0494e0
SHA512

af1b72dea9837c55a8626908485c4a801c0ca415c1c55fdaa1feea5049659b73262e888a7bfea6f28405d04c08751894289333478dfcdd124db22dad2329281e
SSDEEP

768:489DhmFx7/LUmnJNiONyDSL2BHRPoId1KCsG7i/Sgi3JDBWIGgm1gBO:483mFxro+Jr6SLYHRPoWdscijobGgzY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f70cb165e066174f706ce08c11d94c6a_JaffaCakes118

Files

f70cb165e066174f706ce08c11d94c6a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeAttachProcess@4
__KeDetachProcess@0
__KeStackAttachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ