29c84d59900c0059f5ce7bb2279ff93a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29c84d59900c0059f5ce7bb2279ff93a_JaffaCakes118
Size

56KB
MD5

29c84d59900c0059f5ce7bb2279ff93a
SHA1

c9c2c6e95628260452cbac47f2648c3e22475cfd
SHA256

f0eafa93cbfdc0122bc219a26f81d22b6c24cdc65e7fc74ac212ccbbc23552b5
SHA512

38285ed4efc6554dc7d3c961a976013af5fb4e852e58953ab71352c3be3df4baeb31e0c98c81ad6eb27499388788cc8f5df963a03b3c3e90dc23cf00da5200ad
SSDEEP

768:yj9hO5cSle9FXX0ZSb3mq5J87A34KKQPfeaD4Lx:u+cSle9Jw23/J4cP2Dx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29c84d59900c0059f5ce7bb2279ff93a_JaffaCakes118

Files

29c84d59900c0059f5ce7bb2279ff93a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

280acef007b2d55e7d71eb15d3a930d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeDelayExecutionThread
RtlDecompressBuffer
KeInitializeTimerEx
ZwQuerySystemInformation
NlsOemLeadByteInfo
ExFreePool
IoAttachDeviceToDeviceStack
KeInitializeDpc
PsReturnPoolQuota
KeSynchronizeExecution
KeSetTimerEx
FsRtlMdlReadComplete
NtNotifyChangeDirectoryFile
ZwFlushVirtualMemory
RtlTimeToSecondsSince1980
IoUnregisterFsRegistrationChange
ZwCancelTimer
ZwWriteFile
KeCancelTimer
IoUnregisterFileSystem
ExAllocateFromPagedLookasideList
KeSetImportanceDpc
ExAllocatePool
KeIsExecutingDpc
strspn
IoRegisterBootDriverReinitialization
LpcRequestPort
wctomb
IoQueueWorkItem
ZwSetEvent
wcsncat
RtlCreateAcl
SeCreateClientSecurity
ZwQuerySymbolicLinkObject

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE