Static task
static1
General
-
Target
3223332a358e13ae5f7fa83549e909d0_JaffaCakes118
-
Size
27KB
-
MD5
3223332a358e13ae5f7fa83549e909d0
-
SHA1
51994a155aeee830aa94c76dc039602e4a9b93d5
-
SHA256
625f32187db3ef62f07437072f3b5fff3b86fe815555f6d0d2a267f6d34a1c0a
-
SHA512
6fd4ced779565cad3d857904316871ed9b0c759a33a073098c8797d0137abdcf128e9df416728d615b38e21c5888e3857480cbcf2fe64af29e10e53ea075116f
-
SSDEEP
384:rGFW47+glOu2Z23Tgn1XTBlZed1Lal6UHGUbMfFPXMjEP:eWglAxjBiLarD+l
Malware Config
Signatures
-
Unsigned PE 1 IoCs
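Checks for a missing Authenticode signature. This is a static check run by the analysis on the submitted file, not an action of the sample, and it matched here: the PE is unsigned. An absent signature on its own does not show that the file is malicious.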
resource 3223332a358e13ae5f7fa83549e909d0_JaffaCakes118
Files
-
3223332a358e13ae5f7fa83549e909d0_JaffaCakes118.sys windows:4 windows x86 arch:x86
de21f5e4630e47996906840fe66eda98
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ObfDereferenceObject
strncmp
MmGetSystemRoutineAddress
_stricmp
strncpy
RtlCopyUnicodeString
swprintf
wcslen
_wcsnicmp
wcscat
wcscpy
IofCompleteRequest
ExFreePool
_snprintf
ExAllocatePoolWithTag
_except_handler3
_strnicmp
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 904B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ