429a319b0d2d05ddba3e69c303aff24b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

429a319b0d2d05ddba3e69c303aff24b_JaffaCakes118
Size

37KB
MD5

429a319b0d2d05ddba3e69c303aff24b
SHA1

c61d0491f6320316980cb540cc49e3b38b6a493f
SHA256

b46a605d80990c04484020890d70e6f24c7abc2b19da75e0a86fac61dd154af5
SHA512

14e7882d9922cd16ad0d967a3306e7f0b81bbb05db5eb71c501bad1771be73a69f860d0502cbc2d4e2c30f53cfaa91bec4dbd552165e8fe83ee2358d519edf4f
SSDEEP

768:kHVifw52ceCwx6nG6IkDDjZBy5KGbGM4LUzHFvO77:YVi4hefcosZBy5bN4WE77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
429a319b0d2d05ddba3e69c303aff24b_JaffaCakes118

Files

429a319b0d2d05ddba3e69c303aff24b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a5db48aaff2c279b631f0b526eee3696

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

NtQueryInformationProcess
IoFreeMdl
KeQueryTimeIncrement
CcMapData
vsprintf
RtlImageNtHeader

hal

HalStartProfileInterrupt
HalRequestSoftwareInterrupt
KdComPortInUse
KeRaiseIrqlToDpcLevel
IoMapTransfer
IoFreeAdapterChannel
KeAcquireSpinLockRaiseToSynch
HalStartNextProcessor
HalQueryDisplayParameters
HalSetDisplayParameters
HalSystemVectorDispatchEntry
KfLowerIrql
HalAllocateCrashDumpRegisters
HalSetProfileInterval
HalGetEnvironmentVariable
READ_PORT_BUFFER_USHORT
READ_PORT_UCHAR
READ_PORT_ULONG

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ