41ab0ad01ba9c751376cdf5b8a6a8f95_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41ab0ad01ba9c751376cdf5b8a6a8f95_JaffaCakes118
Size

135KB
MD5

41ab0ad01ba9c751376cdf5b8a6a8f95
SHA1

152c5bb15e8a3fcfa032b8341fb92a3c183c9144
SHA256

b6539dbd91bf7221979f8a3238ef229fffbc9eaca3c6336137a6ba08154d7382
SHA512

d9ec4df5bd5bb87d584c5cba9611325804dec1814b7e890bd285de1ccd59c06156f5a312086957ad1ef1670dc6067b3341c56f223978ed281fbd68a7eb273b7d
SSDEEP

3072:w5WDxhYHlO7EDjUGJ0Bpj8dO4bYYoKxA8Z+Jp4142C4E+h:wQvYQ7ajUw0BWbbACsj2C4lh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41ab0ad01ba9c751376cdf5b8a6a8f95_JaffaCakes118

Files

41ab0ad01ba9c751376cdf5b8a6a8f95_JaffaCakes118
.dll windows:1 windows x86 arch:x86

648be15a44a7e791bae5f3437fbe4076

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strstr
_except_handler3
MmMapLockedPagesSpecifyCache
WmiQueryTrace
_wcsicmp
ZwQuerySystemInformation
ObReferenceObjectByHandle
KeI386GetLid
IoGetCurrentProcess
MmSizeOfMdl
wcsncpy
strncmp
SeCloseObjectAuditAlarm
FsRtlUninitializeLargeMcb
KeBugCheckEx
strncpy
RtlAnsiCharToUnicodeChar
KeTickCount
ExAllocatePoolWithTag
NtAdjustPrivilegesToken
FsRtlSyncVolumes
ObfReferenceObject
ExFreePoolWithTag
DbgPrint
KeQueryTimeIncrement

Sections

.data
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 672B - Virtual size: 650B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 768B - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE