Static task: static1
Behavioral task: behavioral1
Sample: 3f4a56d7d899bdcb55976c349b9d6a09_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3f4a56d7d899bdcb55976c349b9d6a09_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 3f4a56d7d899bdcb55976c349b9d6a09_JaffaCakes118
Size: 135KB
MD5: 3f4a56d7d899bdcb55976c349b9d6a09
SHA1: 27e76b6d5f0424621602893b2558310d4fa53fdd
SHA256: dc00d4b36862613cdeb2dc92e9fe0847dcacd5ca0dfd0ef7ac17dce52c81943e
SHA512: 8cb0da175d6fc0ee4795b8f14a0f4287142dbafc31d39b980559f9d1cb5d1e4f207b6ae2773ad4bc2fd47b115316a853cc1b28c61f975d0e7004fbf2c97606bf
SSDEEP: 3072:g5WDxhYHlO7EDjUGJ0Bpj8dO4bYYoKxA8Z+Jp4142C4E+h:gQvYQ7ajUw0BWbbACsj2C4lh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3f4a56d7d899bdcb55976c349b9d6a09_JaffaCakes118
Files
3f4a56d7d899bdcb55976c349b9d6a09_JaffaCakes118.dll windows:1 windows x86 arch:x86
648be15a44a7e791bae5f3437fbe4076
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
strstr
_except_handler3
MmMapLockedPagesSpecifyCache
WmiQueryTrace
_wcsicmp
ZwQuerySystemInformation
ObReferenceObjectByHandle
KeI386GetLid
IoGetCurrentProcess
MmSizeOfMdl
wcsncpy
strncmp
SeCloseObjectAuditAlarm
FsRtlUninitializeLargeMcb
KeBugCheckEx
strncpy
RtlAnsiCharToUnicodeChar
KeTickCount
ExAllocatePoolWithTag
NtAdjustPrivilegesToken
FsRtlSyncVolumes
ObfReferenceObject
ExFreePoolWithTag
DbgPrint
KeQueryTimeIncrement
Sections
.data Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 672B - Virtual size: 650B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 768B - Virtual size: 750B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE