27b2fceba6f414462fb56eb329c6b1a4_JaffaCakes118 | Triage

Sharing

General

Target

27b2fceba6f414462fb56eb329c6b1a4_JaffaCakes118
Size

33KB
MD5

27b2fceba6f414462fb56eb329c6b1a4
SHA1

14c3dd136bc339e5e8549ed92760d84d7a76eccb
SHA256

fd25899df792802c3fb66693d5c2464decabf1d8a6b217827ee002d67ef21455
SHA512

db5bedbb2925172843f1a67b8ebfc6ed941801aad73b18bf7be60efd0090297f3d97c7a51caad61b08e06cb65cce3f884d063e496413d1beafc17503b2a568ea
SSDEEP

768:m9sXSUVHKyBj3ZaPr921QiR16AhiZu3aI2pfzVTf:m940MZTCiR16U3aI6N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b2fceba6f414462fb56eb329c6b1a4_JaffaCakes118

Files

27b2fceba6f414462fb56eb329c6b1a4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8d15c6877f983888fc3abb64ea4ab909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
ZwDuplicateObject
RtlFreeAnsiString
RtlCopyString
_wcsrev
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeInsertHeadQueue@4
__KeInsertQueue@0
__KeReadStateQueue@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ