Static task
static1
General
Target: f16478e260d8380bedb61d639dc7d560_JaffaCakes118
Size: 24KB
MD5: f16478e260d8380bedb61d639dc7d560
SHA1: 06778f57c961ce7ee0ccce3c1921dc8f8a7448cc
SHA256: 7a1cf1868401780cb96e3a4bbfe275315492af750c4aac5552c2e634866398c0
SHA512: 317ba64f3d337457fc49b10c15d839e835745f9b56eb0d108318277118ea3f77bd83353edbe4e3783b4f60135898910b3cfe2cba8ad485c0c9ad6aa97dad68a7
SSDEEP: 384:f1/VM00e/8H5XDPyYXcdy/mGSW5bsQFcsBsgGNCfIee6C/zE:ffMh8YDPzXcqmTQmWGNCAzX7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f16478e260d8380bedb61d639dc7d560_JaffaCakes118
Files
f16478e260d8380bedb61d639dc7d560_JaffaCakes118.sys windows:4 windows x86 arch:x86
a71a8167618390f8973b5cd69d801403
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
_stricmp
strncpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
MmIsAddressValid
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
KeServiceDescriptorTable
PsGetVersion
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_wcsnicmp
_except_handler3
_strnicmp
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 752B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 992B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ