a6cedc480a12e562982e0a7bcd61205b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6cedc480a12e562982e0a7bcd61205b_JaffaCakes118
Size

33KB
MD5

a6cedc480a12e562982e0a7bcd61205b
SHA1

09c847339d8c3d6d15baf0eb5ba79629ab1e071a
SHA256

9c48aba3e47625579629ea34f1fe28893e519155e5f2934a35c214dfffa43e73
SHA512

955349320662cdd7104c494df15cc2629cf1017de68fabd6ab7f299afd7b63578ddc58bb3c153d15e7f1c940bff28c6f661fb8d28da4207926c7daecacab61b9
SSDEEP

768:J89DhmFx7/xU2XRCDtYPL58hKbuDwmN1qLm+NFyq5JLTf:J83mFxrq20Dqx6DNQLpQWd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6cedc480a12e562982e0a7bcd61205b_JaffaCakes118

Files

a6cedc480a12e562982e0a7bcd61205b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e84b068c101559781dcb8627f064a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
IoGetRelatedDeviceObject
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
_wcslwr
ZwOpenDirectoryObject
ZwSetEvent
_vsnwprintf
RtlFreeAnsiString
RtlCopyString
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeAttachProcess@4
__KeDetachProcess@0
__KeStackAttachProcess@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ