d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118
Size

29KB
MD5

d4eb78149f576e7c8f0ee088cb9fb123
SHA1

68fc8aced19bc3c69845d08b05a87ee1711dee7a
SHA256

00512b12f66d7c9d74caf6aadb0855fd11c3a51a3fecdb3c55ec64b2e9e00e67
SHA512

0cbcff49ca193936620c8cb084756961b94eb71e88a4dbb7768d468783c023ff71b7c33037a6dc9c51c44bb8ec3ab6f5e0061bf89e4e7f9c2920bec08a0a163d
SSDEEP

768:CXoAnRftqvvE0Bs7cYhiFw8ih4jSFcVH7564/3T:CYAntt6Ecf2ph4jSSHl64/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118

Files

d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118
.sys windows:5 windows x86 arch:x86

083b2fda79bfff27730cc9cc50f8ecd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtTerminateProcess
NtRaiseHardError
NtTerminateThread
RtlUnwind
NtQueryVirtualMemory
RtlSetProcessIsCritical
NtSetInformationProcess
DbgBreakPoint
RtlAllocateHeap
RtlUnicodeStringToAnsiString
RtlNormalizeProcessParams

csrsrv

CsrServerInitialization

Sections

_kelly_
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ