bcdc122a89f91ee6d7c7d1a2aa23c85e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcdc122a89f91ee6d7c7d1a2aa23c85e_JaffaCakes118
Size

5KB
MD5

bcdc122a89f91ee6d7c7d1a2aa23c85e
SHA1

22e8150ec360514978062531e043515996b2632d
SHA256

2465da2f0331983a11019ff714dd6fab7fa931c52683f632c327a3eec197c27c
SHA512

e6ae3ce4f58ddf45591633be028d4f513c5bae9565a1b577a2d1b17545c7a782104e81e868c5491e0fd7a7b6ff67af5bb587b5c3535cf1450aac300b5c756087
SSDEEP

96:GFWdGVCRDdcNdDpH3i83rDGDRD+znYznSW:zRCpHyYytycu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcdc122a89f91ee6d7c7d1a2aa23c85e_JaffaCakes118

Files

bcdc122a89f91ee6d7c7d1a2aa23c85e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f53b80d52bbc34fe92f2abb961c8b1d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IofCompleteRequest
ZwClose
ZwUnmapViewOfSection
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwOpenSection
RtlInitUnicodeString
memcpy
MmIsAddressValid
ObfDereferenceObject
ZwAllocateVirtualMemory
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenProcess
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ