886f90988a142306ba2c80f2e7c1b03f_JaffaCakes118 | Triage

Sharing

General

Target

886f90988a142306ba2c80f2e7c1b03f_JaffaCakes118
Size

32KB
MD5

886f90988a142306ba2c80f2e7c1b03f
SHA1

705151ef3ce7fba92cbd171a3667f792461c57aa
SHA256

ae4e16fe823fa6fbe9f3d5dadddbd5649806c05044ef5d4319e6bf47f8ac0f39
SHA512

f1fc9ec8066537fed86d37511370114b3cde35d997fd482819e030b0ccaa50eb7bb49b3545c12b580e024cc9485becf0efa9b5e080b1020c39d89ebbda009f98
SSDEEP

768:cSrE2KPTeVY7nP0fOTLkpmiYG5XGYI3HK/sIB:cSrETPaYbRLOmiz5XHX/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
886f90988a142306ba2c80f2e7c1b03f_JaffaCakes118

Files

886f90988a142306ba2c80f2e7c1b03f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ebefc5eb6d0bbe38c9e349baf459d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\VC5\release\kinject.pdb

Imports

ntoskrnl.exe

ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObfReferenceObject
KeInsertQueueApc
ProbeForRead
RtlEqualUnicodeString
PsGetCurrentProcessId
PsGetThreadTeb
KeGetCurrentThread
MmHighestUserAddress
ExAllocatePool
IoGetCurrentProcess
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
ZwClose
ZwWriteFile
swprintf
LdrFindResource_U
LdrAccessResource
ZwCreateFile
RtlInitUnicodeString
RtlHashUnicodeString
PsSetLoadImageNotifyRoutine
PsGetProcessImageFileName
ExFreePoolWithTag
KeInitializeApc
ObfDereferenceObject
memcpy
_except_handler3

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ