2948db66b76d6452859e3a8b66cfea03_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2948db66b76d6452859e3a8b66cfea03_JaffaCakes118
Size

133KB
MD5

2948db66b76d6452859e3a8b66cfea03
SHA1

81296f64e4b0a4d048d10ee8670af07d9d8b8a7c
SHA256

b9f97d4ae00a55f3f78c3993e894092d504de0602ba0f3c201863efc01404041
SHA512

f21af8ad013faf26317dc60e1f251781bd22f2e18d08510cde0aa1f747c997f346087a734774bf82873ded20aa494b80b18f0df0d4fa5046089450a1928661cd
SSDEEP

3072:d9LLvCxKxKEyv0hpy/g1pQgZrza8JCQp4bbqXgzfWdml1:dV2eyMhs/8pQka8JNKHkN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2948db66b76d6452859e3a8b66cfea03_JaffaCakes118

Files

2948db66b76d6452859e3a8b66cfea03_JaffaCakes118
.dll windows:1 windows x86 arch:x86

dba65bf8f50b6a5af5dc479ec9179c8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeQueryTimeIncrement
strncpy
IoGetCurrentProcess
ExFreePoolWithTag
ObReferenceObjectByHandle
strstr
wcsncpy
ExAllocatePoolWithTag
strncmp
DbgPrint
KeTickCount
KeBugCheckEx
ObfReferenceObject
RtlAnsiCharToUnicodeChar
ZwQuerySystemInformation
_except_handler3
MmMapLockedPagesSpecifyCache

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 149B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE