Static task
static1
General
Target: f86c4e6ac97400dbcc6c09658cf4053f_JaffaCakes118
Size: 6KB
MD5: f86c4e6ac97400dbcc6c09658cf4053f
SHA1: 6ec2ecbd7e6324b514eb77072f2b748268f8a575
SHA256: f552f902c4e19e40187cf11d318275e9457844b04b526b3e7f0d07f44e84b387
SHA512: 07f42757144fe25b94c3ff7434579cb258419001f2a879931f20195eebf579747e6c7b1473992d6d209e3d2f8ab306327659d50293cfd0c8b1342505983fb623
SSDEEP: 96:UsVwV71mUI7c6ijnhjuO+vTlOybkWZ4apA9pcec4FZveqIu1D:NVoTFLduO0TlOyZyvjLIul
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f86c4e6ac97400dbcc6c09658cf4053f_JaffaCakes118
Files
f86c4e6ac97400dbcc6c09658cf4053f_JaffaCakes118.sys windows:4 windows x86 arch:x86
29322f3d4e1ac536d20c2dfe0c713dea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
PsSetLoadImageNotifyRoutine
ObMakeTemporaryObject
KeInitializeApc
KeInsertQueueApc
FsRtlIsNameInExpression
RtlImageDirectoryEntryToData
ExAllocatePool
ZwQueryDirectoryFile
KeGetCurrentThread
RtlWriteRegistryValue
KeServiceDescriptorTable
ObfReferenceObject
RtlCreateRegistryKey
ZwEnumerateKey
ZwAllocateVirtualMemory
_except_handler3
memcpy
memset
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 318B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ