Static task
static1
General
Target
f0fcfae4d8df3fb18dc898bc53a36e29_JaffaCakes118
Size
29KB
MD5
f0fcfae4d8df3fb18dc898bc53a36e29
SHA1
c4e1e58e0aba4f3ae7d154a495aa5db4bb664058
SHA256
26c0f9fa4e2a94b1a07a159762fc3eeb1db579ad30020806691f0fb53b3ee1fc
SHA512
c3793ede73142ffccf18b690c4fdcbb7bbb7a1a250db3f066bd246b821598450eb0b031be46f7922113e21926fba03ed7951f5216b2412fb2db9daa94365b0a1
SSDEEP
768:B8dFA18GRFP1n6ekHVYGqxLvZn8gjWJXu:6o18wnnxkHaGq5ZdjWl
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f0fcfae4d8df3fb18dc898bc53a36e29_JaffaCakes118
Files
f0fcfae4d8df3fb18dc898bc53a36e29_JaffaCakes118.sys windows:4 windows x86 arch:x86
7ff87b616c94dc4cc4946dfb7cb85b2d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
_wcsnicmp
wcslen
RtlAnsiStringToUnicodeString
swprintf
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
strncpy
IoGetCurrentProcess
strncmp
RtlCompareUnicodeString
MmIsAddressValid
_stricmp
wcscpy
wcscat
RtlCopyUnicodeString
_except_handler3
ObfDereferenceObject
ObQueryNameString
_strnicmp
IofCompleteRequest
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ