3885ae5a17d67bc19e24628e86952f01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3885ae5a17d67bc19e24628e86952f01_JaffaCakes118
Size

39KB
MD5

3885ae5a17d67bc19e24628e86952f01
SHA1

475cb7d009f049e7562fbba5d5bf778b6dfa7220
SHA256

59ca8eab1277a87ca306bc98d62acfbf3254413f706a25a821ae0f45eda6670f
SHA512

f9a42ed6b79246dfad3f34956ce812a293f1be01915f34387930cce6b3a377187c7e3019fa3b5e0249c0b4ed9d7d1e679f7a482c0f7c59aebdb50d46826bb7e7
SSDEEP

768:CW1x0+0PyGFOpj2mHnA6VlQoUUfsK0HE9j9Rdd3uNxIE1V4FZ1UQub:d1x05aGop1nA6VlQoDfsKj3dFi7pb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3885ae5a17d67bc19e24628e86952f01_JaffaCakes118

Files

3885ae5a17d67bc19e24628e86952f01_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4612997441bcca6d5e05aef4863bda19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
RtlInitAnsiString
MmIsNonPagedSystemAddressValid
RtlValidRelativeSecurityDescriptor

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 258B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ