Static task
static1
General
Target: 309e90e120f0ae7f672dd84459bba4dc_JaffaCakes118
Size: 27KB
MD5: 309e90e120f0ae7f672dd84459bba4dc
SHA1: eec7da8210fde05edede3d56538a15199ffcaba3
SHA256: fbf6137a99963e7db9a95631caa27a90b3def5e747912193cb4c810d1561e489
SHA512: 219b0582265d0153a5745e983aa132f6ffa8b3b6b070e52b154317de053f909b03ecee211891a7a51a95db87b798ac85fb0148d13550c9d4a6c7b463c2997185
SSDEEP: 768:6Y/y/BT+y4Jyu32Tw7oGuJbLMfmNf07XN:/y/BT+yCyuGtGqbL9N
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 309e90e120f0ae7f672dd84459bba4dc_JaffaCakes118
Files
309e90e120f0ae7f672dd84459bba4dc_JaffaCakes118.sys windows:4 windows x86 arch:x86
fd4942f4c9e7191131cc9fb1f479d7dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
swprintf
wcscpy
RtlInitUnicodeString
_except_handler3
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlCompareUnicodeString
MmIsAddressValid
wcscat
strncpy
IoGetCurrentProcess
_stricmp
IofCompleteRequest
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
MmGetSystemRoutineAddress
wcslen
ZwUnmapViewOfSection
_wcsnicmp
ObfDereferenceObject
ObQueryNameString
_strnicmp
strncmp
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ