Static task: static1
Behavioral task: behavioral1
Sample: 4bbade6734af51a59b22e883fcd74e0a_JaffaCakes118.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4bbade6734af51a59b22e883fcd74e0a_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 4bbade6734af51a59b22e883fcd74e0a_JaffaCakes118
Size: 134KB
MD5: 4bbade6734af51a59b22e883fcd74e0a
SHA1: 28bd3e6be2ba38c91e49399ff349539ab73a104b
SHA256: 162976f0dafd2a3cde064bd2e9a024cce1df62d4c32f09c8fcf133494b9baec7
SHA512: 46c3606ac3a7a397ab351268937a9cbe66a5d9b8aff1d14ffbd6b933f76b2f71e84315eed3b0eb499a95ff6fbb1237db062449eb8b4bdad92f5fd8b8c60066af
SSDEEP: 3072:ME5mt0i6p4OVTR4eLn6UTj77fcp6ULbxdnGzti5Qv2BT6F8Rc1Etk:M3t09XPesj7T0LbxdGztijT6FL1Eq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4bbade6734af51a59b22e883fcd74e0a_JaffaCakes118
Files
4bbade6734af51a59b22e883fcd74e0a_JaffaCakes118.dll windows:1 windows x86 arch:x86
4a8f74da9cd0b77f7f622438c43d7e15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
_except_handler3
MmMapLockedPagesSpecifyCache
ObReferenceObjectByHandle
RtlUnicodeStringToAnsiSize
RtlAnsiCharToUnicodeChar
ExAllocatePoolWithTag
NlsOemCodePage
ZwDeviceIoControlFile
PsGetProcessJob
IoGetCurrentProcess
ZwRestoreKey
strstr
strncmp
strncpy
DbgPrint
PoRegisterSystemState
wcsncpy
IoGetBootDiskInformation
ZwQuerySystemInformation
KeBugCheckEx
ExFreePoolWithTag
KeQueryTimeIncrement
KeTickCount
RtlInsertElementGenericTable
ObfReferenceObject
Sections
.data Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 640B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE