31dd19b8f8df9ef6cd38eb78938e871c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31dd19b8f8df9ef6cd38eb78938e871c_JaffaCakes118
Size

21KB
MD5

31dd19b8f8df9ef6cd38eb78938e871c
SHA1

babe743ccfc3b1a3a8aefc8eca3cdee2010d01c2
SHA256

6e4fdc88884f25489bcb36fe97b637eec55e0454bf4cdc7e2d27153aa2be0197
SHA512

facbb07726c66b6e6d6dce7298e0ebe623a7ce39f557bb6af21fd1aa66d45eb1f20899ad33af9c133347da4ebda1f91e441cec872996593b8135bf2b90348bd7
SSDEEP

384:YemoBzLPNiaF42h33JKSamMmQXAQaAHbW7fP3icl7CY0LP:Yemo5LPNia6EJvMNRbWLviAM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31dd19b8f8df9ef6cd38eb78938e871c_JaffaCakes118

Files

31dd19b8f8df9ef6cd38eb78938e871c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fa2959a9f853b3d1b8aa344b8e574d1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmProtectMdlSystemAddress
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlLengthSid
NtSetSecurityObject

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ