f7f2442bcfbd5822cb17a1a4d23cda20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7f2442bcfbd5822cb17a1a4d23cda20_JaffaCakes118
Size

46KB
MD5

f7f2442bcfbd5822cb17a1a4d23cda20
SHA1

831a43b32c097952c0f336ab7ae99ad4639c5ed7
SHA256

0871d04f328abda024f09257de8e5c3e8417a2a87e61d36942dc672ec3f27018
SHA512

4a7e1f1036926470f9a9c9b1b5de05aa42c90d0e750c587fe3a6dff4a801b54c9e9aaa4ff3a1c730797ffeb410635746cf431c7adf79ddedfc41841381f489d8
SSDEEP

768:FgZ80x3BU/bbjUHP+N33iK+TkggeShcXfKCK440rJxyZ1b:F0IbbjymJ3qTseRXiCKWdxq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7f2442bcfbd5822cb17a1a4d23cda20_JaffaCakes118

Files

f7f2442bcfbd5822cb17a1a4d23cda20_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ffcf7e69400eea9c17fb42ad44b38cb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwDeleteKey
FsRtlInitializeTunnelCache
SeSetSecurityDescriptorInfoEx
IoCreateSymbolicLink
ExAllocateFromPagedLookasideList
FsRtlDoesDbcsContainWildCards
ExAcquireSharedStarveExclusive
wcsrchr
WRITE_REGISTER_BUFFER_USHORT
ZwFlushInstructionCache
MmAllocateContiguousMemorySpecifyCache

hal

HalReadDmaCounter
HalSetRealTimeClock
IoWritePartitionTable
HalEnableSystemInterrupt
IoSetPartitionInformation
KeRaiseIrqlToDpcLevel
HalSetEnvironmentVariable
READ_PORT_BUFFER_USHORT
HalFlushCommonBuffer
HalStopProfileInterrupt
HalAdjustResourceList

Sections

.text
Size: 3KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 755B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ