Static task
static1
General
Target: ed7f9deb11c4b887816c5d4949d9bd41_JaffaCakes118
Size: 28KB
MD5: ed7f9deb11c4b887816c5d4949d9bd41
SHA1: 21486f09405607a95f72c572b7c0ae0748f77ba4
SHA256: e49794caaf2e9a063e456eff8f37b18a2f2b07bdf6bcf2c99fe38ca4c8e35f8f
SHA512: 7a0c3d7415aee550d6b5b92e54927f19578c4ccda5900278b21ab0ce0dd8e71a336d7bd1952e791df39f09b3e7eaf6a2987491d1803abc030c5414a0e919e40b
SSDEEP: 384:cu9SCSQbbjueCBevwS5n6nGYj/uXFpOBD5pBdL2G5pKGN:SCS8bCeSIYjuXfOBD5pBf5px
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ed7f9deb11c4b887816c5d4949d9bd41_JaffaCakes118
Files
ed7f9deb11c4b887816c5d4949d9bd41_JaffaCakes118.sys windows:4 windows x86 arch:x86
fcc0dc56b6b88934f3045ddb05522fcc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
IofCompleteRequest
wcscpy
wcscat
RtlInitUnicodeString
KeServiceDescriptorTable
_stricmp
strncmp
IoGetCurrentProcess
strncpy
ZwClose
ExFreePool
ExAllocatePoolWithTag
_except_handler3
wcslen
RtlCopyUnicodeString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_strnicmp
ObfDereferenceObject
ObQueryNameString
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_snprintf
ZwQuerySystemInformation
ZwUnmapViewOfSection
RtlCompareUnicodeString
ExGetPreviousMode
_wcsnicmp
MmIsAddressValid
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ