468fd721f5f68832fbd883785a98363f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

468fd721f5f68832fbd883785a98363f_JaffaCakes118
Size

132KB
MD5

468fd721f5f68832fbd883785a98363f
SHA1

fbf8c84f29dd3c783037c7cc651a5835e1f181f1
SHA256

9d60b2fc6fb3b430a65dd631db3988c50f2fede89e4761b5fcf0d1dd33031cc9
SHA512

d08be04c8b2c433c59e03811a58ce8699a9609da47a4b9b04a473e6d2729ad092fc1771c3b9165495c14cbfdb2feaf88ec148d570096cf197f49a146ed12e4c6
SSDEEP

3072:66NjlqVxE2l076aSk0P6DxnW4afJ/3nHEkMocuExi70mRErS:66Nya1Zh0cnW4iFnkkM3Nxi2rS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
468fd721f5f68832fbd883785a98363f_JaffaCakes118

Files

468fd721f5f68832fbd883785a98363f_JaffaCakes118
.dll windows:1 windows x86 arch:x86

8b0d6040d5751e4b5e0f5787ce486ef0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strstr
wcsncpy
ExFreePoolWithTag
ObReferenceObjectByHandle
ExAllocatePoolWithTag
_except_handler3
KeTickCount
strncpy
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
ZwQuerySystemInformation
ObfReferenceObject
DbgPrint
KeQueryTimeIncrement
KeBugCheckEx
strncmp
RtlAnsiCharToUnicodeChar

Sections

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 160B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 544B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE