Static task
static1
General
Target: 1776491f011dce792861fca8948855d2_JaffaCakes118
Size: 107KB
MD5: 1776491f011dce792861fca8948855d2
SHA1: d546582febaf30943272af6e15fd3a9683f13265
SHA256: cc9ae8726bb901609c43c6cf011cd37ba8299457cc25267febe00a9a1f98085c
SHA512: 889252c1ddb20209e4e57086964ab3311fc95c9eccc9630789ae36a333641de2df3c6b50cddb609189642cd801192ad6b9ac552a3799b8849df70d1cb3a7e3fb
SSDEEP: 1536:T0eA23YTfcsSG0k9wWu3QlkNrgnFRroEuNGtm7o4PcwaA9J+WF3:TD3YDGG0/3QWcnroxIH4Pcwd9Jbx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1776491f011dce792861fca8948855d2_JaffaCakes118
Files
1776491f011dce792861fca8948855d2_JaffaCakes118.sys windows:4 windows x86 arch:x86
641da610618d4ccccb213a94cf5bfe3b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
strncpy
strstr
_except_handler3
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
DbgPrint
RtlAnsiCharToUnicodeChar
KeBugCheckEx
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ