df4fe7086d6f7b86496addc2eed98d7e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df4fe7086d6f7b86496addc2eed98d7e_JaffaCakes118
Size

72KB
MD5

df4fe7086d6f7b86496addc2eed98d7e
SHA1

ef6567f0dff18f2f5ad1f91a58a8dfbb70b58ae7
SHA256

e5c9bdb1b0f61884136507580de8108ae323d905588e27c891f6be6b877c6ed6
SHA512

75a2625d5440cc1a2b518b237059bccef86bfd0cfe6c538c686a89e6673ef428e8a17ed9d10639f184c284b7a5fcd844e1822f9922c490f69e6233648455d73b
SSDEEP

1536:CUFnfS6/j4+ULqqndp7I76X8BRBJ5ZxpAtZg0S6PhJZ8HJ46FCX7O/WZQpRJs2:3JS6L4+ULqi3IeX8HBJpyeHB4Qvy2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df4fe7086d6f7b86496addc2eed98d7e_JaffaCakes118

Files

df4fe7086d6f7b86496addc2eed98d7e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

26aa909d46e72c6d9f51e2f40d111ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlAddAce
KeIcacheFlushCount
KeInsertHeadQueue
DbgLoadImageSymbols
IoCreateSymbolicLink
SeReleaseSubjectContext
wcscpy
ZwOpenThread
RtlUpcaseUnicodeString
ExInterlockedAddLargeInteger
FsRtlAllocatePool
IoGetAttachedDeviceReference
RtlDowncaseUnicodeString
PsLookupProcessThreadByCid

Sections

.data
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ