Static task
static1
General
Target: 09951363b83a8ef634634e029b11b0f0_JaffaCakes118
Size: 42KB
MD5: 09951363b83a8ef634634e029b11b0f0
SHA1: 93db1ea7779bfec9e37789114ec6e2ef4619f45d
SHA256: aba79ab4ee7a42066d9b383da2b0d7527d356f615cc29c8018a2f3a044d5fee3
SHA512: aaa5f3de2071cb44e9dd447c5bab70fb93f193844822d8c604ef9af61fd3141b7ae70ab6fcdea81ab7df4a5247d70a928bb0b4efbb884bc734c562bc282fc5f9
SSDEEP: 768:t46bFZadgXcvod0bghOplhs4HZlcCm6aPuN3TW9b3OdG/6ZAhkm:tD3UgyodMghOplhsgcCmLP8jWIdGWn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 09951363b83a8ef634634e029b11b0f0_JaffaCakes118
Files
09951363b83a8ef634634e029b11b0f0_JaffaCakes118.sys windows:5 windows x86 arch:x86
65acafe725a8800f8a8a394549608ac8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlStringFromGUID
ExUuidCreate
MmIsNonPagedSystemAddressValid
PsChargeProcessPoolQuota
RtlIpv4StringToAddressA
RtlInitUnicodeString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
PsReturnPoolQuota
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 384B - Virtual size: 350B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ