ae7e6fbd76c1c9a41c5a2946850db24f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae7e6fbd76c1c9a41c5a2946850db24f_JaffaCakes118
Size

5KB
MD5

ae7e6fbd76c1c9a41c5a2946850db24f
SHA1

602cc3a5cdbbde3949e792f2c96ed5f02d869b04
SHA256

eda6ee4976b87e817c4e15c50ad1abf0392ce7c35be32a261289005f60a97471
SHA512

4649012d504989ec9d22242c8f16d368fe35860198ebcc7fedd80063d4531742a2d28f2cfd2ae5a7f07b172a2d70ee6e88b95ec823e04e80df49816b0f9a839d
SSDEEP

48:iiPr0ra1YiMcEOzbSCkFuz80kUw5/I3/78+UhqPsSt/L5yDvD0TgwiV8/vRh:n0e1YvzOzbSRUFW0j9uGL5ybDA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae7e6fbd76c1c9a41c5a2946850db24f_JaffaCakes118

Files

ae7e6fbd76c1c9a41c5a2946850db24f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3310eb3528ee14b8fb7efcec7c2edce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IofCompleteRequest
ObfDereferenceObject
ZwClose
ZwAllocateVirtualMemory
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmIsAddressValid
ZwOpenProcess
KeServiceDescriptorTable
ExAllocatePoolWithTag
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ