08abf0bde384537289a67b46ac62bf85_JaffaCakes118 | Triage

Sharing

General

Target

08abf0bde384537289a67b46ac62bf85_JaffaCakes118
Size

129KB
MD5

08abf0bde384537289a67b46ac62bf85
SHA1

1493561099899c8e0f256db42e12921bfc53c0a4
SHA256

2d27aef7ea349f45e9fbb9491fe0e6669379f46af958c12959d2e8104123132a
SHA512

fca42847e2d18f2384f9632db5be737749d8d1aaafea6f8a971c184c120b5b6da1ce9021cae9841f858651ec01df00bae63c3ed8033b30b2e70c748ea6f2d0fc
SSDEEP

3072:H2fsvPFOIZjDvCAs3cUX+lL3O9nnfSkw12IiJJQn:WfMzFvZTBO9nnfSd12IiJJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08abf0bde384537289a67b46ac62bf85_JaffaCakes118

Files

08abf0bde384537289a67b46ac62bf85_JaffaCakes118
.dll windows:1 windows x86 arch:x86

8a77f9da27f4b07e521f7a6207f6b5da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeBugCheckEx
RtlAnsiCharToUnicodeChar
NtTraceEvent
WmiFlushTrace
MmMapLockedPagesSpecifyCache
KeTickCount
strncpy
ZwQuerySystemInformation
IoReportHalResourceUsage
DbgPrint
NtQueryInformationProcess
ObReferenceObjectByHandle
wcsncpy
strstr
strncmp
KeRemoveByKeyDeviceQueueIfBusy
ExFreePoolWithTag
_except_handler3
RtlIpv4AddressToStringExW
IoGetCurrentProcess
ExAllocatePoolWithTag
ZwSetInformationFile
ObfReferenceObject
KeQueryTimeIncrement
KeSetTargetProcessorDpc

Sections

.data
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 640B - Virtual size: 633B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 800B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE