Static task
static1
Behavioral task
behavioral1
Sample
4bdf97a55fee7ba3bc0ecbb8416f0a29_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4bdf97a55fee7ba3bc0ecbb8416f0a29_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 4bdf97a55fee7ba3bc0ecbb8416f0a29_JaffaCakes118
Size: 134KB
MD5: 4bdf97a55fee7ba3bc0ecbb8416f0a29
SHA1: 80bb2b995a262aea02318d98dac09ea8ba606ef5
SHA256: 52d16e9cf93071c3bb88eadba8101af8f1e54d58741e7b916a0b4cb30e3effbf
SHA512: a6d2d501531d89139531b08119295f4a1336b9f19920f5bde2f03b6a79884ca6c9c8a3cceaf9768e391f46d781e0e46f2f493b8fd609d60807e04a65c531ef3a
SSDEEP: 3072:/YWdHu+A78tuSdj40barBbVNfQ8Yq4CX9enBAgjQIxVcJb0lGzbEKL/4B:h27wuoVgpfgqXNDWVcJb0WbFAB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4bdf97a55fee7ba3bc0ecbb8416f0a29_JaffaCakes118
Files
4bdf97a55fee7ba3bc0ecbb8416f0a29_JaffaCakes118.dll windows:1 windows x86 arch:x86
ff058d921ddc62f0ada5f66eea2123ad
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
MmCreateMdl
FsRtlPrivateLock
KeTickCount
RtlInt64ToUnicodeString
KeBugCheckEx
strncpy
strstr
ObfReferenceObject
ZwQuerySystemInformation
KeRaiseUserException
RtlAddAccessAllowedAce
IoGetCurrentProcess
KeQueryTimeIncrement
_except_handler3
MmMapLockedPagesSpecifyCache
wcsncpy
RtlIpv6StringToAddressA
DbgPrint
strncmp
ExFreePoolWithTag
IoGetRequestorProcessId
ObReferenceObjectByHandle
ExRaiseAccessViolation
RtlAnsiCharToUnicodeChar
ExAllocatePoolWithTag
Sections
.data Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE