2fcf735235de7aa7263490b95c0e2d5a_JaffaCakes118 | Triage

Sharing

General

Target

2fcf735235de7aa7263490b95c0e2d5a_JaffaCakes118
Size

133KB
MD5

2fcf735235de7aa7263490b95c0e2d5a
SHA1

92fba9741e5c6158a73479bb15446f014e587e68
SHA256

1d682c971fac3be06e4bab4809530f00292f587053ef5b59bd165b97d71c3cfc
SHA512

d6ede36d1237b9f0073d9031e9b21544ce6532b1940e3eb842b85b34b0ba92284ea5236e047582564c38acf58ed22fe4a42ae22785cd72657ad1abe4786bc266
SSDEEP

3072:SblBLPZIecfzOHEsDiWPBKR07WyAoCkAJL8/JNqRiEPXXLFAhDX4+:Q79IecfztkJk06IJNq7PXXLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fcf735235de7aa7263490b95c0e2d5a_JaffaCakes118

Files

2fcf735235de7aa7263490b95c0e2d5a_JaffaCakes118
.dll windows:1 windows x86 arch:x86

f2bd151db432a4e5a415332adbeef586

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoGetCurrentProcess
strncmp
strstr
_except_handler3
KeQueryTimeIncrement
ObfReferenceObject
KeTickCount
strncpy
ZwQuerySystemInformation
RtlAnsiCharToUnicodeChar
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
DbgPrint
KeBugCheckEx
ObReferenceObjectByHandle
wcsncpy
ExAllocatePoolWithTag

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE