0dc209dd9ec26055622a3da85a1dac2e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dc209dd9ec26055622a3da85a1dac2e_JaffaCakes118
Size

33KB
MD5

0dc209dd9ec26055622a3da85a1dac2e
SHA1

97350f257ade25c311d4acff0f7b4e7663854d5c
SHA256

17fa16c6576c4527e5cb5061c2ffc5bff7cc0a479ce73dec17889353fd51d5ff
SHA512

f478f98e9e0379680c8f8219166081c892f3906d123033c3673f0a233b86cf4915f66994179a88cf48738bad5138d81b3e9861801e6751f0cdfef0223f5f29b6
SSDEEP

768:3S9zhmFxbKk0+XRCDtYPL58hKbuDwmN1qLm+NFyq5/pTf:3SHmFx2x+0Dqx6DNQLpQWV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc209dd9ec26055622a3da85a1dac2e_JaffaCakes118

Files

0dc209dd9ec26055622a3da85a1dac2e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeAttachProcess@4
__KeDetachProcess@0
__KeStackAttachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ