Static task: static1
Behavioral task: behavioral1
Sample: 3aced272bb633913210e770d706f38cd_JaffaCakes118.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3aced272bb633913210e770d706f38cd_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 3aced272bb633913210e770d706f38cd_JaffaCakes118
Size: 132KB
MD5: 3aced272bb633913210e770d706f38cd
SHA1: 732e83b418532a148af061d7c9ef8004e6f34ba4
SHA256: 3e41e0dbb31c2254f6e11afc6fa3e239e2b038b88c12a2be6d2325241751e71a
SHA512: 7619296d81f4833ad3b148f2d6fc28c2e660be17e24cd1fff542ffa4e8780cf90c77d262b25f72c39fa2c90fea2f3c05e54d19b6173f2a682c943903d3ad9f95
SSDEEP: 1536:sGoZaajNlnwnTW9eYwj2mq6oIc5jiaT2mFpq2KioLUya/1Un7PxrWBr5cmk880wU:DokUNq60YwnSMaTjq2J4BRcsJ81wcZO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3aced272bb633913210e770d706f38cd_JaffaCakes118
Files
3aced272bb633913210e770d706f38cd_JaffaCakes118.dll windows:1 windows x86 arch:x86
0ed1cc3c890d828df7c13d6dff4f27f1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
ZwOpenProcessToken
wcsncpy
KeQueryTimeIncrement
_except_handler3
KeBugCheckEx
ExFreePoolWithTag
IoGetCurrentProcess
DbgPrint
RtlAllocateHeap
KeTickCount
strncpy
MmUnmapReservedMapping
ObReferenceObjectByHandle
RtlAnsiCharToUnicodeChar
IoReadPartitionTable
strncmp
RtlWriteRegistryValue
ObfReferenceObject
RtlTraceDatabaseEnumerate
SeCreateAccessState
IoCreateSymbolicLink
strstr
ZwQuerySystemInformation
MmMapLockedPagesSpecifyCache
ExAllocatePoolWithTag
Sections
.data Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 634B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE