09cea1336bb50c7991d11ba0508c9cb5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09cea1336bb50c7991d11ba0508c9cb5_JaffaCakes118
Size

132KB
MD5

09cea1336bb50c7991d11ba0508c9cb5
SHA1

2fada6ba96a106056ec0484cf206c4f23a767ee7
SHA256

5db134d3a47d23c682c770db8ad9e1d03cccf9db72a1231026e011f466c8ccb9
SHA512

c609e4a09932f7c3fc5a572bc33d541b7b4ee383509a07c14eaf3c6dbd8c0b1209af299092002d6b782d3c127c7f6cd76da90f9d4f0ed325c844be04acbaaa7c
SSDEEP

3072:WykkyMzR82mXEwdbGh1C2Va789gNFQIQKAlA+3Q:WZMR82mXEwdyh1CYahUIQJlA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09cea1336bb50c7991d11ba0508c9cb5_JaffaCakes118

Files

09cea1336bb50c7991d11ba0508c9cb5_JaffaCakes118
.dll windows:1 windows x86 arch:x86

9bb2b1ee216f545d3a3019dbd931f935

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
KeQueryTimeIncrement
DbgPrint
strncmp
_except_handler3
strstr
RtlAnsiCharToUnicodeChar
ObfReferenceObject
IoGetCurrentProcess
MmMapLockedPagesSpecifyCache
ZwQuerySystemInformation
KeTickCount
ExAllocatePoolWithTag
KeBugCheckEx
strncpy
wcsncpy
ExFreePoolWithTag

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE