7616bdff38a50cf131c6f55f057c8cd1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7616bdff38a50cf131c6f55f057c8cd1_JaffaCakes118
Size

32KB
MD5

7616bdff38a50cf131c6f55f057c8cd1
SHA1

c6a28810db178df83caeb2a5e75c9a6ea1047a91
SHA256

92f50e51a089cfe6d0afd9d1409ba5b6b917fe29b83a446ad6ef62b3f0815fb0
SHA512

e0451ab1ab4fccd242648a3fabc3563eff9b287e0d6d8598bbb0e05749b34c9282cc051ea6046910498b57a2ce089d2a09277ff54e764143e725ee87f517502d
SSDEEP

768:kbjQEEQ7u47XaMZGp9CpWkKnWjLC/TGw+qAJ:kDPu47XxMCpVnC/TGwtU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7616bdff38a50cf131c6f55f057c8cd1_JaffaCakes118

Files

7616bdff38a50cf131c6f55f057c8cd1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da7fe11bb56e0abf58c8166a09e7f5f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeFreePrivileges
SeDeleteObjectAuditAlarm
SeOpenObjectAuditAlarm
SePrivilegeCheck
SeTokenType
VerSetConditionMask
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
RtlTimeToTimeFields
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
IoGetTopLevelIrp
wcsspn
IoInitializeIrp
RtlInitializeGenericTable
ZwAllocateVirtualMemory
memset

Exports

Exports

__KeSetIdealProcessorThread@0
__KeSetKernelStackSwapEnable@4
__KeUnstackDetachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ