Static task
static1
General
Target: 3f2a90edbb5af225f706b8325661e17a_JaffaCakes118
Size: 27KB
MD5: 3f2a90edbb5af225f706b8325661e17a
SHA1: 9fae17770dfeb5eed909c462b68ae3f1e49587a6
SHA256: e894b1a7b1fce17c1bc7a4953352269638316bad268e486afef7dc08db4c8440
SHA512: f1621a7be9f9cd4d9a4dd021f75147998f1ebcac9100b645afddfaa3c3f24e9683b2cbbe7356a8e4ed31447c87afd38b085eaa0f7d4cb4332aebd0ba6ea8fad1
SSDEEP: 768:R5OMYzZbKCYDMdHZuAs6Udf/AeyyRaAmkIj:R5uzxKCYYdQACyyRa3jj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3f2a90edbb5af225f706b8325661e17a_JaffaCakes118
Files
3f2a90edbb5af225f706b8325661e17a_JaffaCakes118.sys windows:4 windows x86 arch:x86
5b74e1d20f364df0954208febd91d672
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ExAllocatePoolWithTag
RtlInitUnicodeString
wcscat
swprintf
_strnicmp
strncpy
IoGetCurrentProcess
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
wcscpy
RtlCopyUnicodeString
wcslen
_snprintf
ZwQuerySystemInformation
_wcsnicmp
_except_handler3
_stricmp
ObfDereferenceObject
ObQueryNameString
MmGetSystemRoutineAddress
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
strncmp
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ