342213d8e0a5f0fdda44e82b01a7af8d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

342213d8e0a5f0fdda44e82b01a7af8d_JaffaCakes118
Size

21KB
MD5

342213d8e0a5f0fdda44e82b01a7af8d
SHA1

36af2b94ceda23ce5ca36b993c5c116baccb07c1
SHA256

88a68c0371bffa3eccfb519d2eca9891e4ac8f0ac3a7c48a68e3c04bb2da9745
SHA512

7b29008b5476f118593453ae896ae6804b34e9077a2162c9ec3bae8d4b63bf879ca1cd53d64f5924d86ab9fc04f28a396aa9fafcd02b20fce57c74f984e3aa97
SSDEEP

384:SmQsr9G99999999999999999999999999999999999999999999995w9X9999E99:SmQsr9G999999999999999999999999z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
342213d8e0a5f0fdda44e82b01a7af8d_JaffaCakes118

Files

342213d8e0a5f0fdda44e82b01a7af8d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

671bb83d4a701a14edaf88add95de1b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmProtectMdlSystemAddress
KeQuerySystemTime
_alldiv
MmGetSystemRoutineAddress
ExAllocatePoolWithTag

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ