3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118 | Triage

Sharing

General

Target

3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118
Size

33KB
MD5

3730ece9f3c01fc115f92445adeaebfb
SHA1

936805e8a139d3293f37fc79d2083496ed54ea67
SHA256

1449ea95599308f7a4d8fe1f42a03f0cf16768d5b7d7eb76d70204a03d2a4584
SHA512

8f5092b7b5f11c099b0a69265f14ed1bd9a4e938dd0e53f4f654e022a5aa28dcc52656f268b2d27dec184b9be01b16bb7c407c927d463c06136f2f8e0aa88505
SSDEEP

768:5+j+xwc5taWYklfGbaxD217QDZ/PkC6vkk+U9WIFTfb:5+PciklfG2xDk7+Z/PCvJxD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118

Files

3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeRemoveQueue@4
__KeRemoveQueueEx@0
__KeRundownQueue@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ