3db332a9cf995a8fe89f038a928257b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3db332a9cf995a8fe89f038a928257b9_JaffaCakes118
Size

32KB
MD5

3db332a9cf995a8fe89f038a928257b9
SHA1

4e5e9d752ca5ea670cdb54ac1441be520bb267b3
SHA256

ca880c40d870d13c28da5cbf4a205b88e00a0b3317f8c5dcc89e0bca2c02e28c
SHA512

a5c591ae740211951ba3b5a70a97583a45a1e9532193afb9d3a10be1ea74a5d191007a4db2515f7330486d430918064c54c44298b22edbae4cb2efd38140d6ad
SSDEEP

768:vSdE2KPTeVY7nP0fOTLkpmiYG5XGYI3HK/sIB:vSdETPaYbRLOmiz5XHX/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3db332a9cf995a8fe89f038a928257b9_JaffaCakes118

Files

3db332a9cf995a8fe89f038a928257b9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ebefc5eb6d0bbe38c9e349baf459d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\VC5\release\kinject.pdb

Imports

ntoskrnl.exe

ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObfReferenceObject
KeInsertQueueApc
ProbeForRead
RtlEqualUnicodeString
PsGetCurrentProcessId
PsGetThreadTeb
KeGetCurrentThread
MmHighestUserAddress
ExAllocatePool
IoGetCurrentProcess
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
ZwClose
ZwWriteFile
swprintf
LdrFindResource_U
LdrAccessResource
ZwCreateFile
RtlInitUnicodeString
RtlHashUnicodeString
PsSetLoadImageNotifyRoutine
PsGetProcessImageFileName
ExFreePoolWithTag
KeInitializeApc
ObfDereferenceObject
memcpy
_except_handler3

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ