ac72badf0815b7c2207516cb1a9c23e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac72badf0815b7c2207516cb1a9c23e9_JaffaCakes118
Size

42KB
MD5

ac72badf0815b7c2207516cb1a9c23e9
SHA1

2576c634f3a243d2955d1e8128a2621386203842
SHA256

984cc4039745528e17c94711044274904ab42dbed9e6ac8fd936821a72738d5f
SHA512

c861cab1ee8eea99d1d863cfae7aa9ae571b67ea8b540a61e986f3c1fe9514289b1ee665ffe1bdb4da7e7a2c00dcf515f8a3644ece027435e41849378c742e07
SSDEEP

768:m6AI4YecJLHgP65DvMRegL8VnVGxW7Xf4sHQjXh20RGKW5IJNTf:m6m/Ksi5DvkL8VcOtQjRzwp5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac72badf0815b7c2207516cb1a9c23e9_JaffaCakes118

Files

ac72badf0815b7c2207516cb1a9c23e9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8d15c6877f983888fc3abb64ea4ab909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
MmIsDriverVerifying
SeUnlockSubjectContext
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlInsertElementGenericTableFull
RtlInitString
RtlDeleteElementGenericTable
RtlCompareString
ZwSetEvent
_vsnwprintf
ZwDuplicateObject
RtlFreeAnsiString
RtlCopyString
_wcsrev
RtlEqualString
strrchr
KeTickCount
wcsspn
DbgPrintEx
RtlInitializeGenericTable
memset

Exports

Exports

__KeInitializeMutant@4
__KeQueryOwnerMutant@0
__KeReadStateMutant@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ