25e538f23a2ff53de7de7c4c1e9e945d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e538f23a2ff53de7de7c4c1e9e945d_JaffaCakes118
Size

30KB
MD5

25e538f23a2ff53de7de7c4c1e9e945d
SHA1

e2f9fa82688d59db72b3db6c351cae18c2d8fa17
SHA256

1ce5050d4634e658a3f19648755822fe3fc0445e82fe2f51ccf83fbf0a14b841
SHA512

513e0e496687f07a71d9e3f6a2da26d4bbf1cbead420499415f555d25ec2f405e0af1975dc2bd9717125db48a1074dde38b89e1961e0905ed3a9fdc3fd39b33e
SSDEEP

384:PhXjSte103G+LnA249QE6TuXLHHocbbjb41gt2c6ghOwwnOWdjTfNWY:dOFc3Q8XLHXbbHUfwyn5TfZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e538f23a2ff53de7de7c4c1e9e945d_JaffaCakes118

Files

25e538f23a2ff53de7de7c4c1e9e945d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e2b15e71d4bc273e258193b700930c07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlStringFromGUID
ZwFsControlFile
ZwQueryFullAttributesFile
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwLockFile@8
__ZwQuerySecurityObject@4
__ZwUnlockFile@4

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m_drv
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ