394f13205caa3addff313c19ff5f93fb_JaffaCakes118 | Triage

Sharing

General

Target

394f13205caa3addff313c19ff5f93fb_JaffaCakes118
Size

27KB
MD5

394f13205caa3addff313c19ff5f93fb
SHA1

72902472d96cbdf4859b9ad61fbeb62b673d046f
SHA256

0401d14b6486b3028c3e99947b505afbd31d8068dceeeaa2ea305b3877d84f25
SHA512

6c53dcdc62d5fe7b0614f82a9e4ba9e2c96ccb9e390ff8b476fd07ccd7aab8eb87c4527ae04455687b38b145f26d87a545243047d44a7d69c9261b861db4051e
SSDEEP

384:zJ/p3q2TXPon6d8ScWhDF/OgNAzcDk6w+iH543Vy1Mj88Z9rff:zxM2Tgn6u6dVe2k1+o5mVy1M48J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394f13205caa3addff313c19ff5f93fb_JaffaCakes118

Files

394f13205caa3addff313c19ff5f93fb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

48ff53159e15ca6d1c9070c513d06931

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceInterfaceAlias
ZwMakeTemporaryObject
ExAcquireResourceSharedLite
IoWMIQueryAllDataMultiple
ExAllocatePool
memset

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 220B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ