Static task: static1
Behavioral task: behavioral1
  Sample: cdf79994426b21d0b8ad8eee237d397f_JaffaCakes118.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: cdf79994426b21d0b8ad8eee237d397f_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: cdf79994426b21d0b8ad8eee237d397f_JaffaCakes118
Size: 131KB
MD5: cdf79994426b21d0b8ad8eee237d397f
SHA1: e9b6ee2442a94d5f8cdada9d84568c76837fa1a9
SHA256: d81aa52ca622e01fdb3f99966a517701fdc3ef53df9ce17bf09f0736637cfa61
SHA512: ad42e2de722a30603df18b12eab7b5861be52e6b43642184be2348ae2c194f4a5386dfe633c035906fed96611cecb7a05df6b98108cee187d77d125751da2a4a
SSDEEP: 3072:INxLQgOn/nCNU9Zr9vsy39zs+KcTRYpNmqwL8yLm:mx8N/n191Rsks+OpNXwwim
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cdf79994426b21d0b8ad8eee237d397f_JaffaCakes118
Files
cdf79994426b21d0b8ad8eee237d397f_JaffaCakes118.dll windows:1 windows x86 arch:x86
71b8deeee6e978d790d251b2dc960a1f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ZwCreateEvent
ZwQuerySystemInformation
DbgPrint
ExFreePoolWithTag
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
IoVerifyPartitionTable
RtlAnsiCharToUnicodeChar
IoGetRelatedDeviceObject
KeTickCount
IoGetCurrentProcess
strstr
RtlConvertSidToUnicodeString
KeBugCheckEx
READ_REGISTER_BUFFER_USHORT
strncmp
_except_handler3
ObReferenceObjectByHandle
KeQueryTimeIncrement
wcsncpy
strncpy
DbgQueryDebugFilterState
ObfReferenceObject
ZwClearEvent
Sections
.data Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 640B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE