0ac7d8763cef596c2cf6fe2eb41bfe5a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ac7d8763cef596c2cf6fe2eb41bfe5a_JaffaCakes118
Size

22KB
MD5

0ac7d8763cef596c2cf6fe2eb41bfe5a
SHA1

9ce2bfeac156224b8b5eb203d5898266330cd71d
SHA256

62ed884cd2de1aa846c8823aa7949914b0a8924757f481a86d5f66657f37d234
SHA512

6bc2490d0924d8c18c4a85b3f2cef6c67071ed4afef661d515d2ffc19311d22be189a3b216f5ea73c5e6e416d6e782c2a4e7623f30852b1dc9d8c069b269b5b2
SSDEEP

384:e26Dgz8x419OmbpdjE8w1y2rpemtBI2YLhxr3UL+HR8tNo/H7N87mmarbJf3:t6kec9OqdRwLpeb39UL+HRaNMHq7mmap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ac7d8763cef596c2cf6fe2eb41bfe5a_JaffaCakes118

Files

0ac7d8763cef596c2cf6fe2eb41bfe5a_JaffaCakes118
.sys windows:4 windows x86 arch:x86

d37b3c00bfd3e7d151dcddb05b0e49b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwDeleteFile
IoBuildAsynchronousFsdRequest
ExFreePool
WRITE_REGISTER_ULONG
RtlCustomCPToUnicodeN
ZwSaveKey
CcUnpinData
RtlFillMemoryUlong
RtlFindMessage
towupper
MmIsNonPagedSystemAddressValid
ZwQueryDefaultLocale
RtlGetSaclSecurityDescriptor
PsChargePoolQuota
RtlIntegerToUnicodeString
ObQueryNameString
ZwQueryInformationFile
InterlockedIncrement
ZwQueryInformationProcess
FsRtlAreNamesEqual
DbgPrint

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ