360044f09380d16b4d345eae7f09c7d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

360044f09380d16b4d345eae7f09c7d2_JaffaCakes118
Size

33KB
MD5

360044f09380d16b4d345eae7f09c7d2
SHA1

6b7b8ab8706ba6bf49a43aee991ee0bb384372d8
SHA256

87d131b42881e2ab6292a313255699174f5e8342050318dc54417b83af88b7ef
SHA512

4a14adf4bb5810c5814d7bbb9ab0b03bc99c530a008670f2a9cd379ba71c0043ace026c1a2721e5a6d3baa771f6a45d119612913c234341abb811b00ccca4f38
SSDEEP

768:Qd0nL9MLvayhuXNavXVuAN00ct433LD98I2/MNCTf:Qd92pNAoAiZEF8ISz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
360044f09380d16b4d345eae7f09c7d2_JaffaCakes118

Files

360044f09380d16b4d345eae7f09c7d2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8d15c6877f983888fc3abb64ea4ab909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
ZwDuplicateObject
RtlFreeAnsiString
RtlCopyString
_wcsrev
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeInsertHeadQueue@4
__KeInsertQueue@0
__KeReadStateQueue@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ