04b7367ecec97075422f868bf0fca44c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04b7367ecec97075422f868bf0fca44c_JaffaCakes118
Size

70KB
MD5

04b7367ecec97075422f868bf0fca44c
SHA1

0482618db5e191c31c6069ebef86056b61ffb5ff
SHA256

1de2ebaa25de678f817a3bb317299968f19cab5844ccfe27ca9381484e88360f
SHA512

46c7b1110fb053d9e270b8d6655e2a5bcf600449cf081772cd65864c5ffa8fbef80e923e34d51189d15deec5a08f6f698a023f75d87f061c3c02cdbbbf1ef8a6
SSDEEP

1536:CHJCiooipBoGUwr+xxwIfFI6ejHW9pSVXl+VnxuxDJBya:CHJFEBobmiCz2jo4cJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04b7367ecec97075422f868bf0fca44c_JaffaCakes118

Files

04b7367ecec97075422f868bf0fca44c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1dc79a5eaf56a93455ae16f9673260cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

NtDeleteAtom
CcUnpinDataForThread
RtlCreateHeap
ObInsertObject
RtlUpcaseUnicodeToOemN
RtlUpperChar
FsRtlPrivateLock
RtlUpcaseUnicodeStringToOemString
ExInterlockedPushEntryList
Exfi386InterlockedExchangeUlong
IoGetBootDiskInformation
KeReadStateMutant
KeGetCurrentThread
CcDeferWrite

Sections

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ