70b052c60729b4d10da125a8b7a4140f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70b052c60729b4d10da125a8b7a4140f_JaffaCakes118
Size

132KB
MD5

70b052c60729b4d10da125a8b7a4140f
SHA1

df1cdf68ec2199304540ae41a0fecb02394789dc
SHA256

1244f9bb28f8b36a8efa6fb85fb0066e37deca47dfc324819e04acaf20843be1
SHA512

c9c539e0f126599792785e158095c1e1a7be86d8cd1555c0fd7ae72df788198f52fd9ee682bde180c4b93bbc206236ec2e09c0e4c8d91a7e509cbc366db286a0
SSDEEP

3072:odVOCQfY1gxZhAIc17U4LXiAuoYiKsCXmQ53:GVOCQA1+ZI17U4LioYiKPmQN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b052c60729b4d10da125a8b7a4140f_JaffaCakes118

Files

70b052c60729b4d10da125a8b7a4140f_JaffaCakes118
.dll windows:1 windows x86 arch:x86

682fa059b9d122a07d5eb6ffe2e6b2ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strstr
ExAllocatePoolWithTag
ExFreePoolWithTag
wcsncpy
strncmp
KeQueryTimeIncrement
KeTickCount
_except_handler3
IoGetCurrentProcess
DbgPrint
KeBugCheckEx
ObReferenceObjectByHandle
strncpy
RtlAnsiCharToUnicodeChar
MmMapLockedPagesSpecifyCache
ObfReferenceObject
ZwQuerySystemInformation

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE