Static task: static1
Behavioral task: behavioral1
Sample: 2326d5f124fb76277426904fc7a58fba_JaffaCakes118.dll
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2326d5f124fb76277426904fc7a58fba_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 2326d5f124fb76277426904fc7a58fba_JaffaCakes118
Size: 45KB
MD5: 2326d5f124fb76277426904fc7a58fba
SHA1: c891943f8c17fba2a59ac8732b7e7c5e67b34bdf
SHA256: 19e1407c9962f6d2a63e9c5fd3b720b4771b9b6ec9beab68f43fe5444b815111
SHA512: 91ff7b83409c29ba13c2a0005f430fdd62ca90c2a33c7c459a24e41d80aecb0fc1e3764acb920d1248485d1ad18c3115423e7f0870d7882a26f7ae2a28adff43
SSDEEP: 768:FbmQ7xIiFMLPLLYXpLmZm5X/LWD1r3PRnM6ZpuXLdJSzGliOX0blXLxyob:FbmQWLPAX8E5K5nM6XuXRIzGiOkbpxd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2326d5f124fb76277426904fc7a58fba_JaffaCakes118
Files
2326d5f124fb76277426904fc7a58fba_JaffaCakes118.dll windows:4 windows x86 arch:x86
bed2d3adeb854b75978222996d4bbc05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
RtlInitUnicodeString
SeCreateClientSecurityFromSubjectContext
ZwPowerInformation
KeI386AllocateGdtSelectors
InitSafeBootMode
IoReportHalResourceUsage
InterlockedDecrement
RtlxOemStringToUnicodeSize
InterlockedIncrement
NtOpenProcess
KeI386SetGdtSelector
InbvIsBootDriverInstalled
RtlUnicodeStringToOemSize
Sections
.text Size: 3KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 441B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 102B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ