d5348ea2327aac21b9544d6e31d55ba4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5348ea2327aac21b9544d6e31d55ba4_JaffaCakes118
Size

135KB
MD5

d5348ea2327aac21b9544d6e31d55ba4
SHA1

27c93504385301bbb35739845649e29cf108f9a5
SHA256

86b3b7ef8c97587f5bd3e8d080d531c5725543f4bc425438830288f8d3ce67a9
SHA512

161cb7ed5e4611d43e63cb9ecbfee3ef666fa7b93105bb525499c146d484fe513543259ba2a4b93d15612b8d6c38c3e125b6dfac0071407c69cb76e8b5247369
SSDEEP

3072:zznGP0gvrPSmYKWBmv/wcxNIe2jjvDo3CX9cH7Fjw:3nGP0gvWBmQcx6PPDo09ch

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5348ea2327aac21b9544d6e31d55ba4_JaffaCakes118

Files

d5348ea2327aac21b9544d6e31d55ba4_JaffaCakes118
.dll windows:1 windows x86 arch:x86

4e650bb66e91d7bb25a51d3b4ae989bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeTickCount
ObfReferenceObject
ExFreePoolWithTag
DbgPrint
FsRtlNotifyReportChange
IoSetStartIoAttributes
ZwQuerySystemInformation
PsSetThreadHardErrorsAreDisabled
ZwOpenKey
PsGetJobUIRestrictionsClass
SeQuerySecurityDescriptorInfo
strncpy
strstr
RtlxUnicodeStringToOemSize
_except_handler3
KeQueryTimeIncrement
ExAllocatePoolWithTag
RtlAnsiCharToUnicodeChar
RtlCustomCPToUnicodeN
strncmp
ObReferenceObjectByHandle
KeBugCheckEx
wcsncpy
IoGetCurrentProcess
MmMapLockedPagesSpecifyCache

Sections

.data
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 640B - Virtual size: 635B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 832B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE