Static task
static1
General
Target: eb67660ba30ddae2ab85bc13da61fdfa_JaffaCakes118
Size: 40KB
MD5: eb67660ba30ddae2ab85bc13da61fdfa
SHA1: fb729861002fa7a611982766b93193377dffdf59
SHA256: 768d9bf6dea8cbfd55a156a3c2573fe89f325fc8dc73c5dee24d6837349a8277
SHA512: 2d75484b9ca77bf31f8e3dbce1c3e140047e865874ab6ab8fbef1f289fcc0f8d27492f65f4811b92c2a955e34b191376c1b874c6bbc20fcbc4b0882a90fa0dfe
SSDEEP: 768:0ftbYOwlnz+hGYc4G3kcYdaIMjHWNoBXfnH6Q5HhSVFTZXPBqCt:0dYD+hr8ezMjpfaQJhSVdZpqCt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eb67660ba30ddae2ab85bc13da61fdfa_JaffaCakes118
Files
eb67660ba30ddae2ab85bc13da61fdfa_JaffaCakes118.sys windows:5 windows x86 arch:x86
84308320194b82835e1eb46ab10ec65f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExInterlockedFlushSList
RtlInitAnsiString
RtlAnsiStringToUnicodeString
MmIsNonPagedSystemAddressValid
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
RtlMapGenericMask
RtlLengthSecurityDescriptor
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 384B - Virtual size: 338B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ