Static task
static1
General
Target
033468b772b9aacb73a4f12888f15e1d_JaffaCakes118
Size
27KB
MD5
033468b772b9aacb73a4f12888f15e1d
SHA1
b46e1fe6f70b1289d0430e6221c6877c7353442f
SHA256
cd913682fe638a5dcd33d7eee48381fb6f5a103b30e23d687a7c16f78def6757
SHA512
c686db177d9553da16e47be938ceb2a4934871766c90ee5580e0298dcba8f87f1b61db878e5bc5fcb6f664526d34468b420b3b536f13883c1d5c48a545691d34
SSDEEP
768:mw2k7+es7xrBR379dzLBSCFbuUcOM9PJxMlM:mw17+e8rB9zNrSOMRMlM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 033468b772b9aacb73a4f12888f15e1d_JaffaCakes118
Files
033468b772b9aacb73a4f12888f15e1d_JaffaCakes118.sys windows:4 windows x86 arch:x86
8d2c0a26e4405beb64d2a1a2b1db2f23
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
_strnicmp
wcslen
wcscat
wcscpy
swprintf
_wcsnicmp
strncpy
ObfDereferenceObject
ZwClose
ZwOpenKey
_stricmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
strncmp
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 800B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ