2ae78fa497fbee58a4ef7557138d3d9f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ae78fa497fbee58a4ef7557138d3d9f_JaffaCakes118
Size

21KB
MD5

2ae78fa497fbee58a4ef7557138d3d9f
SHA1

22662e66638e286cd679f9b4e18f63ddfcf90e71
SHA256

b74d417f542b6c2be64174e6dd8919f198d5cd0d7f8735b00143ca3e31167136
SHA512

91ca126d7ef35ad2d253a5585b5390b673f507879e6b4495875ee762a021abf0e19353893a22a3d1fdcee75c2fd2d47df4588390a5d30142bb61dfc32e1c6e99
SSDEEP

384:D/emoBzLPNiaF42h33JKSamMmQXAQaAHbW7fP3icl7CY1LP:remo5LPNia6EJvMNRbWLviAF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ae78fa497fbee58a4ef7557138d3d9f_JaffaCakes118

Files

2ae78fa497fbee58a4ef7557138d3d9f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fa2959a9f853b3d1b8aa344b8e574d1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmProtectMdlSystemAddress
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlLengthSid
NtSetSecurityObject

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ