a8c4fa2699f99dff2c1971f2f49c2867_JaffaCakes118 | Triage

Sharing

General

Target

a8c4fa2699f99dff2c1971f2f49c2867_JaffaCakes118
Size

21KB
MD5

a8c4fa2699f99dff2c1971f2f49c2867
SHA1

9eb98ce62b4422e578d5fbe99e0d2770afdd308d
SHA256

422b1485f40381c3686e1165b1d7e45f2326f0566bba006d17ff371d44be565f
SHA512

f097966be1d5ff530a0e5d125a219517a4e29729d8f52a116283bdf5334f1010844c27b54624f32db75628aafb828b13ba0b6e4391d31658e4202cf8d87fac28
SSDEEP

384:GkiI/+wyRxPz//iaLfO9mpJaVh+fDseR+3LvzgpnQJ8yhQ7Z879:lzyRxiaL29mPcwfLR2gpnQKy67Z87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8c4fa2699f99dff2c1971f2f49c2867_JaffaCakes118

Files

a8c4fa2699f99dff2c1971f2f49c2867_JaffaCakes118
.dll windows:5 windows x86 arch:x86

eddfb187831dc14d27065765a6bfe991

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\VC5\release\kinject.pdb

Imports

ntoskrnl.exe

ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObfReferenceObject
KeInsertQueueApc
ProbeForRead
RtlEqualUnicodeString
PsGetCurrentProcessId
PsGetThreadTeb
KeGetCurrentThread
MmHighestUserAddress
ExAllocatePool
IoGetCurrentProcess
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
ZwClose
ZwWriteFile
RtlHashUnicodeString
swprintf
LdrFindResource_U
LdrAccessResource
ZwCreateFile
RtlInitUnicodeString
PsSetLoadImageNotifyRoutine
PsGetProcessImageFileName
ExFreePoolWithTag
KeInitializeApc
ObfDereferenceObject
memcpy
_except_handler3

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ