c0e3e292c876f0a41078f12c007c1286_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0e3e292c876f0a41078f12c007c1286_JaffaCakes118
Size

5KB
MD5

c0e3e292c876f0a41078f12c007c1286
SHA1

00501cd88b967a2a38da53afbe6581ffe9bb0971
SHA256

f83308622fa07dc60d547098549d3531c99cda36ad04a6a7d324424118707519
SHA512

498b96b1090184a92498f9c2ae3d82299d930f53c7a24f5fb8a2eb182a7eb2c0dad1d6e8dadc142764a3be9715705d958f7101c1fdcde0bcc3f446da18b89a4c
SSDEEP

48:iQWGMY0ydX5q6VOTjVGcdc9qe22zaDnHXIc83bj0ctqT0ct30ct4znYzgvTgVc/f:GvWdlVYLdcgdDn3T833czdaznYznS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0e3e292c876f0a41078f12c007c1286_JaffaCakes118

Files

c0e3e292c876f0a41078f12c007c1286_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f53b80d52bbc34fe92f2abb961c8b1d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IofCompleteRequest
ZwClose
ZwUnmapViewOfSection
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwOpenSection
RtlInitUnicodeString
memcpy
MmIsAddressValid
ObfDereferenceObject
ZwAllocateVirtualMemory
ObOpenObjectByPointer
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenProcess
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ