Static task
static1
General
Target
298f82bd1e264a5c8ea8a2105ffc572b_JaffaCakes118
Size
28KB
MD5
298f82bd1e264a5c8ea8a2105ffc572b
SHA1
9a4fc7d81cd053dcd0b30844fc0f81bf38c29011
SHA256
89dcb5fe4530d4afd28f64249203aa43a394767961a76ea372447212bed16767
SHA512
9e806d7acf0e9fd920944a5a8d766d0ae4525fce4f9d356fc0e3cb85222c9717ff2da8e9b8b0045dca0f4aab3cfaedb0f0cc8b711edd45173293343d81c11dcb
SSDEEP
768:vx+EDxfk/OytnfRfWbs6y3NacSHM5QWXu:vxRfKLJb68NacNQE
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 298f82bd1e264a5c8ea8a2105ffc572b_JaffaCakes118
Files
298f82bd1e264a5c8ea8a2105ffc572b_JaffaCakes118.sys windows:4 windows x86 arch:x86
0a477310476e1830c15dddfa7f3021df
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
wcslen
swprintf
_stricmp
wcscat
wcscpy
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
_snprintf
ZwQuerySystemInformation
ZwUnmapViewOfSection
ObfDereferenceObject
ObQueryNameString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncpy
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
_strnicmp
RtlCompareUnicodeString
ExGetPreviousMode
_except_handler3
RtlCopyUnicodeString
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ