3e057b6cc558a20f8ff1e66d418645e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e057b6cc558a20f8ff1e66d418645e6_JaffaCakes118
Size

32KB
MD5

3e057b6cc558a20f8ff1e66d418645e6
SHA1

c4b803e82ed75e2fc3b841e41195056961c33a68
SHA256

450aff6079f6ed41cb484e6337e02f1f8dc8ba8c048049ec4020d14d76bbc487
SHA512

dd37494c4e601f8d6bb4aef909e369611af4a6df6a617c9b6d2396c7161197c7fdc90192ffd9541392490b2fde75062d581814abbb2a111cfd152ff8f0474404
SSDEEP

768:9bjQEEQ7u47zq+NfDnAavyECP15YNX6No3n4STni/S2:9DPu47BBDFvyECPQJrW/t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e057b6cc558a20f8ff1e66d418645e6_JaffaCakes118

Files

3e057b6cc558a20f8ff1e66d418645e6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da7fe11bb56e0abf58c8166a09e7f5f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeFreePrivileges
SeDeleteObjectAuditAlarm
SeOpenObjectAuditAlarm
SePrivilegeCheck
SeTokenType
VerSetConditionMask
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
RtlTimeToTimeFields
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
IoGetTopLevelIrp
wcsspn
IoInitializeIrp
RtlInitializeGenericTable
ZwAllocateVirtualMemory
memset

Exports

Exports

__KeSetIdealProcessorThread@0
__KeSetKernelStackSwapEnable@4
__KeUnstackDetachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ