Static task
static1
General
Target: 3827d81fa52e27869b0ee9d412641169_JaffaCakes118
Size: 26KB
MD5: 3827d81fa52e27869b0ee9d412641169
SHA1: 4c5adaf2492a8d958edd6dd1727f25975faea96c
SHA256: 51b6eee5cbe07dd169455642118e43a862f6227067413c35d307e5d8ff2e5299
SHA512: 51bdb33ac746367d2d2d9bc929e44467a5f19dafc0b246d5acb29f5d23c232811ce06ef52ecd625e3531fa0c9b26beba0813c23e873788c5ff014181d4ba825f
SSDEEP: 768:44NUFQwvmJe4EwR80iTH0ULeUmU1+0l/w:4D/zZY0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3827d81fa52e27869b0ee9d412641169_JaffaCakes118
Files
3827d81fa52e27869b0ee9d412641169_JaffaCakes118.sys windows:4 windows x86 arch:x86
8bc37b19ea9a8c300c6c0f252694a341
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
swprintf
wcscat
wcscpy
_stricmp
strncpy
_strnicmp
_wcsnicmp
wcslen
RtlAnsiStringToUnicodeString
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
KeServiceDescriptorTable
_except_handler3
ZwUnmapViewOfSection
ExFreePool
ExAllocatePoolWithTag
_snprintf
ZwQuerySystemInformation
MmIsAddressValid
strncmp
RtlCompareUnicodeString
RtlCopyUnicodeString
IofCompleteRequest
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 732B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ