Static task
static1
General
Target: 3aa4c584800d7c04b1da2f8f881a2388_JaffaCakes118
Size: 30KB
MD5: 3aa4c584800d7c04b1da2f8f881a2388
SHA1: a3ba861d10d2b66edaf1e15d8a529f71af0ae668
SHA256: 85a2ab251a7d02e3121b123a1ee1f7255d0a3779692a3048c58a9919430c59ad
SHA512: 07d7fbd3a3a6cb23c924a3b46bce8b0517cd0b7b89c5146eed24f0af6c4d533f2d5ad01dbc660a3a9d25b9a75305c03c6016a429d6b6ae858042831e68ed9bd9
SSDEEP: 768:ptVYjieuUuj8ZVU4FvhJJM2n1hKQHKC8:pSuUlZrFFM2n1hKQHKC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3aa4c584800d7c04b1da2f8f881a2388_JaffaCakes118
Files
3aa4c584800d7c04b1da2f8f881a2388_JaffaCakes118.sys windows:4 windows x86 arch:x86
e3cc0e5a8c353e40cb9a792abd298ce4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
RtlInitUnicodeString
wcscat
swprintf
wcscpy
_stricmp
strncpy
_strnicmp
_wcsnicmp
wcslen
RtlCopyUnicodeString
ObfDereferenceObject
ObQueryNameString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
MmGetSystemRoutineAddress
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
_except_handler3
ZwUnmapViewOfSection
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 610B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ