dc840ffd4878cb418f60dfd747d94d05_JaffaCakes118 | Triage

Sharing

General

Target

dc840ffd4878cb418f60dfd747d94d05_JaffaCakes118
Size

66KB
MD5

dc840ffd4878cb418f60dfd747d94d05
SHA1

171b52fd33162d58a7b32f5958b368a387cd2545
SHA256

79ceb3e6c1822d254f59467cfaca13c3e7352a49b43628562703c715ffca32c0
SHA512

416a77803fcc05f6688e8d6415639501c8e22772058164d45a82df50bc4d467aa86a0309608240288363b77a38a8a4bb0cad621ed998b2fdfe5fa0032ccd5ed1
SSDEEP

1536:1O9CRymKa2oqAs4J4knBXN/63kuaoQ25BmMQ29rM:aCRymKtXLqtn3/60u1bXmMQ2a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc840ffd4878cb418f60dfd747d94d05_JaffaCakes118

Files

dc840ffd4878cb418f60dfd747d94d05_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6a8c11b7f4de4f877cbac1be993a2950

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\VC5\release\nthost.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ZwClose
DbgPrint
ZwAllocateVirtualMemory
ZwCreateEvent
ObReferenceObjectByHandle
ZwOpenKey
ZwQueryKey
KeQuerySystemTime
RtlEqualUnicodeString
KeSetEvent
PsGetProcessImageFileName
IoGetCurrentProcess
ZwWriteFile
KeInitializeApc
KeGetCurrentThread
ObfReferenceObject
KeInsertQueueApc
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
IoDeleteDevice
KeBugCheck
ObReferenceObjectByName
IoDriverObjectType
IofCompleteRequest
IoCreateDevice
PsSetLoadImageNotifyRoutine
ExAllocatePool
ZwCreateFile
_stricmp
ObfDereferenceObject

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ