Static task
static1
General
Target: 3b983689535cc68f40461b9df5fe617c_JaffaCakes118
Size: 28KB
MD5: 3b983689535cc68f40461b9df5fe617c
SHA1: c99af919a89c50582da0ea6e4352046a6e8637a8
SHA256: 0b58f7359920b4a0d97051145abad4c92c41f2fbd530ff75688c745de42c7a18
SHA512: afadb23d98561b5e22ac68bc9f540c3d6b5a3a74824de711550720c3df207704781db1a754d48c7baed0570907e3e7bbe03aa048dd23cb0e92f9400f2d628668
SSDEEP: 768:E3e5NOZs6SQJwk7o78a7+Lz97xLImqbSn/BY05:E3eCZsRD6o7Tc9LIxW575
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3b983689535cc68f40461b9df5fe617c_JaffaCakes118
Files
3b983689535cc68f40461b9df5fe617c_JaffaCakes118.sys windows:4 windows x86 arch:x86
a6f95412f805e191d21eab1686e41965
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
swprintf
wcscpy
RtlInitUnicodeString
_except_handler3
MmIsAddressValid
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
wcscat
IofCompleteRequest
wcslen
_stricmp
RtlAnsiStringToUnicodeString
_wcsnicmp
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
strncpy
_strnicmp
RtlCompareUnicodeString
ExGetPreviousMode
ObfDereferenceObject
ObQueryNameString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlCopyUnicodeString
MmGetSystemRoutineAddress
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ