Static task
static1
General
Target
68f11d7527b202eeecfebdb288a474e0_JaffaCakes118
Size
6KB
MD5
68f11d7527b202eeecfebdb288a474e0
SHA1
b99d15b8121e8f7265151533da915a339588574e
SHA256
5b76d63cf36151fd031ac7022f8141c45e1cdf799fa407f8ef634be9b48f5c3f
SHA512
226cc2276faa358192e8286c6028dfb880b511b7881e7c83162b66275a16ced4783f1e2580970ec62cdb1db0f24698b0f2c47069eeed807fe714d013aaedda59
SSDEEP
96:eciEvQYBEGrrPju1VyI4SDHpBRGZtAQySXv/:F/trTiblTRGvA0v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 68f11d7527b202eeecfebdb288a474e0_JaffaCakes118
Files
68f11d7527b202eeecfebdb288a474e0_JaffaCakes118.sys windows:5 windows x86 arch:x86
4137062e9ff1c9ac5b8d2b79ae2e0155
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
DbgPrint
ZwWaitForSingleObject
ZwQueryDirectoryFile
wcsncat
wcsncpy
wcslen
wcscmp
ZwClose
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
RtlInitUnicodeString
_chkstk
ZwWriteFile
ZwReadFile
ZwCreateEvent
ZwCreateFile
ZwQueryValueKey
ZwOpenKey
NtTerminateProcess
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ