e0292c29d8370be166b1efcfbf0b642a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0292c29d8370be166b1efcfbf0b642a_JaffaCakes118
Size

7KB
MD5

e0292c29d8370be166b1efcfbf0b642a
SHA1

52437ebcbbb275774a9c805675c5fb3220a106bc
SHA256

59355de4cdf4de98c7c2104a8be3ea75793321a19058cf664117a0a8a7cd58ec
SHA512

a39781054d10477af13d8037e3bb26dd8ad06ed8915eefa0473bd10f50f4c3643a81e23c8f0b0ed48aade1ce504f354871f80780c73d6ec0fc77732d57c3e548
SSDEEP

96:hEeTMNF4miOMJC+zbbGMyGubxVI2dhXA8uNxfxAgF8/0V2/dOhTV+jK:hnwHVi8qbGeUI2dhw3nF8u2U3r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0292c29d8370be166b1efcfbf0b642a_JaffaCakes118

Files

e0292c29d8370be166b1efcfbf0b642a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a660b0347700e30266fa132a792f3eb0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
_stricmp
_strlwr
sprintf
ZwClose
MmIsAddressValid
ZwQueryInformationProcess
PsGetCurrentProcessId
strlen
memcpy
ZwOpenProcess
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
IoGetCurrentProcess
PsGetVersion
KeUnstackDetachProcess
DbgPrint
KeStackAttachProcess
ObReferenceObjectByHandle
KeServiceDescriptorTable
ZwCreateFile
RtlInitUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePool
ExAllocatePoolWithTag
NtQuerySystemInformation
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink

Sections

MiniPE
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ