1a8a437ca19bc18fbd4a647223d297d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a8a437ca19bc18fbd4a647223d297d2_JaffaCakes118
Size

21KB
MD5

1a8a437ca19bc18fbd4a647223d297d2
SHA1

ea409a1a56206ee562895e6b7384e81d176451c4
SHA256

40dc45b06c7a8ae7727f951dc5b32fd9a8b324a5eaaa2e357ce670510e87e79c
SHA512

b0132fe99225d0de92da6f7c5fb5714e31947092c5a7a8602e15aa5f3bb0afe9157df5f91806b2e6141c237fcb08b19be7f47b8db4608eb2b1cb7881a1391d89
SSDEEP

192:G49xIX7b6ckUZ7eih0BVn80bkFjlCK5XapVbl6zDp0xVKrKntWfdpvh0CPnAbHWx:iZbSS0bkPCfpV5xsKntWXhN4zW5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a8a437ca19bc18fbd4a647223d297d2_JaffaCakes118

Files

1a8a437ca19bc18fbd4a647223d297d2_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7ef8a8cac7fcacf1a9cf4bb532fd5ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlValidRelativeSecurityDescriptor
MmGetSystemRoutineAddress
RtlEqualSid
ExAllocatePoolWithTag

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 235B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ