291092ff2af014ae877ed0a788a68234_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

291092ff2af014ae877ed0a788a68234_JaffaCakes118
Size

72KB
MD5

291092ff2af014ae877ed0a788a68234
SHA1

afe474136dd84d99c3dac90efa53e0715b40d851
SHA256

a5d6cdd81cbfcd8723a6ed58f87a9b2e85dcc340b3750566793404f5b043dc7c
SHA512

c307f09432a83b204a7612e088b56ecb16a5f52a2ae46e994340fd44f453eb1a9781df6d559e59e1e3f124b0f8ffa6b6bf6618a4396a9aabfbad9882adf621c3
SSDEEP

1536:bsSCa8j4jkAcKMXV5fQljRd09Kt0n7n2f6i9wSiKP+8DL+VnPC7:gSXnsJK09KWD2iFKP+a+JC7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291092ff2af014ae877ed0a788a68234_JaffaCakes118

Files

291092ff2af014ae877ed0a788a68234_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c77ecd917abdaf26d819e2bf99dfbb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwDeleteKey
CcMdlReadComplete
ExAllocateFromPagedLookasideList
RtlClearBits
RtlDescribeChunk
FsRtlNotifyCleanup
SeAppendPrivileges

Sections

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ