19859efefaeb78eee025416f5c681a1b_JaffaCakes118 | Triage

Sharing

General

Target

19859efefaeb78eee025416f5c681a1b_JaffaCakes118
Size

133KB
MD5

19859efefaeb78eee025416f5c681a1b
SHA1

25633640668437cef02d0934a625cdcaa0f566a0
SHA256

99aad8c264c48a9d3a43f48b66362c9b9b0cc865514d6626a84a54b46505f4df
SHA512

801874a1736dfa41f520135f3506998ed0f11b54e7163e4b12486c35daf7452fc87c6872b8800bf413ecca5f15621aa582ecc90a897bbbeb363ae97c01fa52e2
SSDEEP

3072:2foFnzrLXJ74JP/A34j3RV46KOXkILajU0J+2XhrjXTLj:2foVzrLXh4JLjmOBajU0J+2RXT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19859efefaeb78eee025416f5c681a1b_JaffaCakes118

Files

19859efefaeb78eee025416f5c681a1b_JaffaCakes118
.dll windows:1 windows x86 arch:x86

8c84ebb385a5cd95727a5425b67a7d22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlAnsiCharToUnicodeChar
strstr
ObReferenceObjectByHandle
strncmp
strncpy
KeBugCheckEx
KeTickCount
DbgPrint
wcsncpy
ExFreePoolWithTag
IoGetCurrentProcess
ZwQuerySystemInformation
KeQueryTimeIncrement
ObfReferenceObject
_except_handler3
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE