b0e1d5aba3cf3bab121fb7e849d0a238_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0e1d5aba3cf3bab121fb7e849d0a238_JaffaCakes118
Size

133KB
MD5

b0e1d5aba3cf3bab121fb7e849d0a238
SHA1

cf15fd251cb38873f593f5cad9bdcce779977788
SHA256

c92d5db064e5732d93410e7c4c684e6b485f7807a7b69775ec5594897c8c22fa
SHA512

1a0eb3be864408545709c6305b80a0ce33be0bf430ff0b8b6ec600c774d1ba5d024fb13ccbaf8126827a76a06d7c40818e10907a21bc1bcd3675b05c69b69215
SSDEEP

1536:6EOJ+7rt88O0Zxzpo0HiwA6/vHPvCaAc3J+/og+9GM0ug3Yo7MaQFpUwVU6nIR/f:1lG8O0bpo0CwlPCaNY+QFxwBFpUYmWA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0e1d5aba3cf3bab121fb7e849d0a238_JaffaCakes118

Files

b0e1d5aba3cf3bab121fb7e849d0a238_JaffaCakes118
.dll windows:1 windows x86 arch:x86

6429dcc0dfc8050b46f8199d5e637912

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlAnsiCharToUnicodeChar
KeBugCheckEx
ZwQuerySystemInformation
_except_handler3
ExFreePoolWithTag
MmMapLockedPagesSpecifyCache
DbgPrint
strncmp
strstr
ObReferenceObjectByHandle
ExAllocatePoolWithTag
KeQueryTimeIncrement
KeTickCount
wcsncpy
strncpy
IoGetCurrentProcess
ObfReferenceObject

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE