94f62c7414e2519668e02dfb1d5081ad_JaffaCakes118 | Triage

Sharing

General

Target

94f62c7414e2519668e02dfb1d5081ad_JaffaCakes118
Size

70KB
MD5

94f62c7414e2519668e02dfb1d5081ad
SHA1

80817b97898f88a4bc64d263ad094ee8624c3342
SHA256

9e60548ac0a7c49c8db401aa7aacee93ce924dd4112c65190de6c963e77e8d28
SHA512

5e9c650304c0f505497da46b3dc36cde67bd78946a772d5f860de4b7b917f8d7914a1233080ea87aeebd76b94e1a48161265923e58c89f83da4dc0eb2ce0542b
SSDEEP

1536:11rIjZGFluPaA+XlJhU/3XCjIWSeSaYAD/dvJchv3GIy1OY1:1lIl2uMQmKerlwuHUw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94f62c7414e2519668e02dfb1d5081ad_JaffaCakes118

Files

94f62c7414e2519668e02dfb1d5081ad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

31374259a8dc3528765186503a21457d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeIsExecutingDpc
KeSetAffinityThread
ObDereferenceObject
MmMapViewOfSection
KeIcacheFlushCount
KeSynchronizeExecution
KeRemoveQueueDpc
RtlRandom
IoCheckEaBufferValidity
NtQueryInformationFile

hal

HalRequestSoftwareInterrupt
HalAcquireDisplayOwnership
HalSetRealTimeClock
HalGetInterruptVector
KeFlushWriteBuffer
HalDisplayString
HalEnableSystemInterrupt

Sections

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 541B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ