Static task
static1
Behavioral task
behavioral1
Sample
3c68d8842017060fe60d80791ddd1b29_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3c68d8842017060fe60d80791ddd1b29_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target
3c68d8842017060fe60d80791ddd1b29_JaffaCakes118
Size
135KB
MD5
3c68d8842017060fe60d80791ddd1b29
SHA1
e3bd2745250171f8a654b6bf3fea8c760b4ec2b2
SHA256
f1fb2f65368d0e6dd44bd9617ca1773769d0dcf4938fb66ecf0e7bba7bd65a28
SHA512
90b822c109891face8cd35ff3d4c25d6df7e46b194411c0f57276b0d22c1ec638d73ea040541f78f5430b0f24972500c945ac17dec45160d689270a8d4f842b2
SSDEEP
3072:jbwnMMh7XL77HZqH3Xvs0GmTNt3BPmM+Vark1QM8qz7lkPxmlKCejisQ89j:4nM+f75qH3XvRGW5PF+Ckyo+5g2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c68d8842017060fe60d80791ddd1b29_JaffaCakes118
Files
3c68d8842017060fe60d80791ddd1b29_JaffaCakes118.dll windows:1 windows x86 arch:x86
86a0ca7e2350cda084108144d62d457d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
KeTickCount
strstr
MmMapLockedPagesSpecifyCache
ObfReferenceObject
strncmp
wcsncpy
DbgPrint
IoConnectInterrupt
ExFreePoolWithTag
ExEventObjectType
_except_handler3
RtlAnsiCharToUnicodeChar
ObReferenceObjectByHandle
PsChargeProcessNonPagedPoolQuota
ExAllocatePoolWithTag
RtlIsValidOemCharacter
ZwCancelIoFile
InterlockedPushEntrySList
RtlLargeIntegerAdd
strncpy
ZwQuerySystemInformation
KeQueryTimeIncrement
KeBugCheckEx
RtlEqualLuid
IoGetCurrentProcess
Sections
.data Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 672B - Virtual size: 642B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE