b3e6b7bd2b127df9ca8222d88718c535_JaffaCakes118 | Triage

Sharing

General

Target

b3e6b7bd2b127df9ca8222d88718c535_JaffaCakes118
Size

80KB
MD5

b3e6b7bd2b127df9ca8222d88718c535
SHA1

7b9e9c4e22775e474fb25f016f8f7b0cb0248dd5
SHA256

053abb55e91c7a9c8aaabd8dac102e662de52d86d2cd140033c827661fe4538d
SHA512

7f509748d7eb1e43ddda6159f282eb6f53584d215c179af52bce2a96a4577bd8f6405c8cd5449aab26c1fc68f7b5fdd5d4f8c50439420edf5fedcfb33416aa49
SSDEEP

1536:UsatYd/n2QEAvECy9JyEzDXP3pwhY/bHhw7KrOR/tVLTpzCT8:Uv2/2QNcCybzDAcbBwWM/nTpW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3e6b7bd2b127df9ca8222d88718c535_JaffaCakes118

Files

b3e6b7bd2b127df9ca8222d88718c535_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1f86a19c713153b3ccdc48e2d8972265

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

hal

KeQueryPerformanceCounter

ntoskrnl.exe

MmQuerySystemSize
KeInitializeTimer
IoGetCurrentProcess
KeInitializeSpinLock
KeGetCurrentThread
KeInitializeMutex
PsGetCurrentProcessId
PsGetVersion
KeInitializeEvent
KeQueryActiveProcessors
PsGetCurrentThreadId
memcpy
memset
KeTickCount

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ