Static task
static1
General
Target
2d57622a892be8413c5163ab7eb313d0_JaffaCakes118
Size
30KB
MD5
2d57622a892be8413c5163ab7eb313d0
SHA1
b3349ee7e8301718d532a05c9c437772a63d0c6f
SHA256
1c52049d7af35f50db6dcec4ecc3554aedf0110be1e226465da5ba2b9b28fea9
SHA512
17e2f484d445430c2f412badfcd9d1f484fbe54c24e9f992529f6e00cb35578218d20c76d81116ec8295ac0a48cde3782f483b49e6fb16a0998c1002988d522f
SSDEEP
384:wLVifyDh2QWQ2V1zgXVkp5g6NKyehoyBuiC2PQTDPAsJeCJ1DjuMOp:wKyRW7V1UVkk6NKy/mCuQTDPDJnP+rp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d57622a892be8413c5163ab7eb313d0_JaffaCakes118
Files
2d57622a892be8413c5163ab7eb313d0_JaffaCakes118.sys windows:4 windows x86 arch:x86
dd6898e1bb8e366731850b29e42a6f92
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwMapViewOfSection
ZwCreateSection
RtlInitUnicodeString
_wcsnicmp
wcslen
_strnicmp
MmGetSystemRoutineAddress
swprintf
ZwUnmapViewOfSection
_stricmp
wcscat
wcscpy
strncpy
ObfDereferenceObject
ObQueryNameString
ExFreePool
ExAllocatePoolWithTag
RtlCopyUnicodeString
PsGetVersion
RtlAnsiStringToUnicodeString
strncmp
_except_handler3
_snprintf
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 550B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ