133552d211657a84bbad9b0b0ee85d62_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

133552d211657a84bbad9b0b0ee85d62_JaffaCakes118
Size

41KB
MD5

133552d211657a84bbad9b0b0ee85d62
SHA1

7295c8ded17a012ac43d644f0f1a54a9183d0efe
SHA256

89145e3f91b0d37f97b94df731666296feaaf3bd1a395923dd5df16985360d07
SHA512

0f6c342b57e2f19fc062de07f85e7354c973530177c3b11b68b9b568357fed1f599d775d3c7b2e4170cb8a758e4196bc9b123e27ee1e6fd9ce8d5c0740a7a156
SSDEEP

768:jXK9kIPkreLM2vCTnY5yq7g2Ty0j10F7fc4wEN923vdbIUWw:LckH2ymD2N049231b4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
133552d211657a84bbad9b0b0ee85d62_JaffaCakes118

Files

133552d211657a84bbad9b0b0ee85d62_JaffaCakes118
.dll windows:5 windows x86 arch:x86

21e7040d2f4ae755cbd1527ce873c90c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlDelete
ExFreePoolWithTag
KeResetEvent
KeReadStateEvent
IoAllocateErrorLogEntry
ExAllocatePool
KeReadStateTimer
RtlSplay
ZwOpenEvent
KeClearEvent
RtlCreateHeap
VerSetConditionMask
RtlFreeHeap
RtlInitUnicodeString
KeSetEvent
RtlDestroyHeap
KeInitializeEvent
RtlVerifyVersionInfo
RtlFreeUnicodeString
RtlAllocateHeap
KeWaitForSingleObject
KePulseEvent
RtlxUnicodeStringToOemSize
memcpy
memset

Exports

Exports

_GetFirmware@8

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ