373c45494dd7a468f86edd8ec8c77429_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

373c45494dd7a468f86edd8ec8c77429_JaffaCakes118
Size

40KB
MD5

373c45494dd7a468f86edd8ec8c77429
SHA1

1211154f12f56faadf5a088df9af0b2a3d6eb1d1
SHA256

853ec844f3ba47798422bc1cfe380b7086c0e66c83d3b6ac5ed68d77e49b8380
SHA512

145c801260aaf05bbe8a12473bd95466dae751a6a7fbae8cc5b5f8021ccb5d4865124c230db21e16510538e87d5cdc37aa497fba8b731355b12ec16cf53b35d9
SSDEEP

768:FZGEE6W4iMtZezKOtdBa37HiwGJxGmo+Jn9stJfLVd10q5IRuOjvbA4wFJSueV:FZJW47ZezVt/a37ZOGDc9stBLz10qSRJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
373c45494dd7a468f86edd8ec8c77429_JaffaCakes118

Files

373c45494dd7a468f86edd8ec8c77429_JaffaCakes118
.sys windows:5 windows x86 arch:x86

1cf20df4a9930604b95eca9293f7c7cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
MmIsNonPagedSystemAddressValid
RtlAppendUnicodeToString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlInitAnsiString

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ