Static task
static1
General
Target: 35a07ae60cd846c93668aa26feef40cf_JaffaCakes118
Size: 28KB
MD5: 35a07ae60cd846c93668aa26feef40cf
SHA1: 0ad7edd23d665f6e700f3d22eb753a4865d5a379
SHA256: 9d4d513fb85b7b357681e6fa0d97039ceba654bc5bd48396e288a830b5a1b926
SHA512: 06098d789b700a78b55ce4fdc00cb674ef97027291efcdb75e3a493ba892e0d40a0fcc339d0b2932d9c14ed1db801eca445d8ef7b66e379a2f1e24bb0acef3fa
SSDEEP: 768:0dRbZlWfQ8ftPW3FEVMe9vQigJasQBNhwRSDWDD:ObZlWYatPUqme9vsssYWmW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35a07ae60cd846c93668aa26feef40cf_JaffaCakes118
Files
35a07ae60cd846c93668aa26feef40cf_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec0250a268b32d942fc0ae4b38521494
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
strncmp
strncpy
RtlInitUnicodeString
_wcsnicmp
_strnicmp
swprintf
ObfDereferenceObject
wcscat
wcscpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
_stricmp
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwOpenKey
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ