Static task: static1
Behavioral task: behavioral1
Sample: 3f3ab5d5c0ed5234b61bc180f4c8415e_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3f3ab5d5c0ed5234b61bc180f4c8415e_JaffaCakes118.dll
Resource: win10v2004-20241007-en
General
Target: 3f3ab5d5c0ed5234b61bc180f4c8415e_JaffaCakes118
Size: 3KB
MD5: 3f3ab5d5c0ed5234b61bc180f4c8415e
SHA1: 7d8d539ac2ad5294a0d37cc74fdc6ace57333aba
SHA256: 6d3c08f90829f839e34d19c3553fa528501393fb9e7a556cff9a28f338dd26da
SHA512: af83c5b7fcb95a84268d7aa5fb1375fb2e3bbabf6719e73a08084ac5c5786123c340e76020a604da504ab646fb552c0ee309d63eddaaefdc2fed7d9519327090
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3f3ab5d5c0ed5234b61bc180f4c8415e_JaffaCakes118
Files
3f3ab5d5c0ed5234b61bc180f4c8415e_JaffaCakes118.dll windows:5 windows x86 arch:x86
a1940557fb4394344fa7aaa02b655e52
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
ExFreePoolWithTag
ZwQuerySystemInformation
MmUnmapIoSpace
wcslen
MmGetPhysicalAddress
ExAllocatePool
MmMapIoSpace
KeServiceDescriptorTable
wcscmp
memcpy
RtlInitUnicodeString
IoCreateFile
ZwSetInformationFile
ZwCreateFile
ZwClose
PsGetCurrentProcessId
ZwOpenFile
ZwQueryInformationFile
_wcsnicmp
_except_handler3
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 192B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 506B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 864B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ