Static task
static1
General
Target: 14ba253b5a2ce834c52a366050e106af_JaffaCakes118
Size: 28KB
MD5: 14ba253b5a2ce834c52a366050e106af
SHA1: 0ff58a18467ccd2b10868fd7339f4425de7a1662
SHA256: 8b4f84eec9c2fea139eacb56570bd5e222254ef97c07e45c042c2d19ff2cfc97
SHA512: bd0cc04f2183cdc2dba88786089f32997cc3de61cd799b7fae7e82c50f76b4ef1afbe4b4e54241201153c12836365f5675c8a18a1cf7eee89c26fc6283f6a849
SSDEEP: 384:pufGaAeaZR1EQq4oTLpJeSLiarc1aNIzmjFtpp1GeoJAI3CI7ev222X:pueaATZR0TlJOarZNgmjTKJgI7eg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 14ba253b5a2ce834c52a366050e106af_JaffaCakes118
Files
14ba253b5a2ce834c52a366050e106af_JaffaCakes118.sys windows:4 windows x86 arch:x86
72709ec55e9d5418b6d864f124811d7c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
RtlInitUnicodeString
wcslen
wcscat
wcscpy
_strnicmp
strncmp
swprintf
MmGetSystemRoutineAddress
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
_stricmp
strncpy
ZwClose
ZwOpenKey
_wcsnicmp
IofCompleteRequest
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 882B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ