1bb91e27fc15d3c89490919a5254c824_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bb91e27fc15d3c89490919a5254c824_JaffaCakes118
Size

21KB
MD5

1bb91e27fc15d3c89490919a5254c824
SHA1

19735a7591b95b72aa5fc83446f44e53ab47b5d8
SHA256

174b29a6b7b96252dd2f3e9acef520f83a0a345c710c7cdc75e9326f5e66e635
SHA512

302d549157645bac597dd3f66fa71cfbbad3a4560a6bfc9df890ec38bf91411fa2a65147c5b89c1dd84711e43c6d8ed28b2f972413437c481b4215bcb333ac67
SSDEEP

384:WNh3uoLMn3swWHqrY0F0NRhb+5Q/86zWO5VAtDRAmO/y1k:WNhpMn3g00N3b+5686vzcRW/y1k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bb91e27fc15d3c89490919a5254c824_JaffaCakes118

Files

1bb91e27fc15d3c89490919a5254c824_JaffaCakes118
.sys windows:5 windows x86 arch:x86

cfa67c1142d7526f3daf996fc43c8768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlGetOwnerSecurityDescriptor
MmProtectMdlSystemAddress
PsChargeProcessPoolQuota
ExAllocatePoolWithTag

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 243B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ