19e1bc8516cb599af25dcd5037111cea_JaffaCakes118 | Triage

Sharing

General

Target

19e1bc8516cb599af25dcd5037111cea_JaffaCakes118
Size

42KB
MD5

19e1bc8516cb599af25dcd5037111cea
SHA1

91b8ad21d4365f0d29b4482ef4f332a7db920de5
SHA256

8d7f405c6cf16d3a3596a4ab8c798bb83b8c5e3d5434aec54afd910b41d355cb
SHA512

54d88117bc47f16f128de5e02ac280a7a20728497d8c2f2baa31b31b4080685c8c1506c2856f51a8c734f2fe7bedad961e7309fcaba6a3b076fd81b1755050d6
SSDEEP

768:9tQbPlyn8lc81GMq2e1Tbhp1DijfFUrnUDboKLGrM58jxzPL8o:9t2PHl5oD1T9pUTFWUDl41PLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19e1bc8516cb599af25dcd5037111cea_JaffaCakes118

Files

19e1bc8516cb599af25dcd5037111cea_JaffaCakes118
.sys windows:5 windows x86 arch:x86

01b69bf263f9c31fff4a52a25afedea2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
KeGetRecommendedSharedDataAlignment
MmIsNonPagedSystemAddressValid
RtlInitAnsiString
MmGetSystemRoutineAddress

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 258B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ