Static task
static1
General
Target
1a08b8d299093d71aae53e8b0357f52e_JaffaCakes118
Size
33KB
MD5
1a08b8d299093d71aae53e8b0357f52e
SHA1
15e5d023139e5bee7cf1963ce4d88dce1c79822d
SHA256
16e268c53536062aacb2cffe601649c75afce099a48412faac2cd006e12ba5cf
SHA512
cd543270e96631e9e2a4f4e98a2932f8b696aad48f99b6892f0c34aa83eec2f7ab19a0b86455616f9e405a112cf9b208414cfefb61df40e175e31505d5d8972c
SSDEEP
384:P03nzbI1jArLaq0zbNXPBZXE9SBHn6BDkTotBckmMBKuxrEdj4V:sC8rmPBPWEH+4TotBjmo/k4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1a08b8d299093d71aae53e8b0357f52e_JaffaCakes118
Files
1a08b8d299093d71aae53e8b0357f52e_JaffaCakes118.sys windows:4 windows x86 arch:x86
2f5b002c9c7faf98adb4728e4f2e4df5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsThisAnNtAsSystem
RtlConvertLongToLargeInteger
ExFreePool
RtlDecompressBuffer
PsGetCurrentThreadId
NtSetEvent
ExInterlockedExtendZone
RtlAnsiCharToUnicodeChar
RtlPrefixString
KeI386ReleaseLid
_purecall
ExAllocatePool
ZwQuerySystemInformation
RtlAddAce
MmUserProbeAddress
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE