3cb144bf4efde49ef7554c4977fbd4db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cb144bf4efde49ef7554c4977fbd4db_JaffaCakes118
Size

21KB
MD5

3cb144bf4efde49ef7554c4977fbd4db
SHA1

554f2d17be9264dd76c73b7b89ee20579b0511ef
SHA256

b200e88808a42ef63e6aebf1cb7414f7cf755531f9a85c0bdbaf897b8fb5d9a1
SHA512

c2472b92a066bff4fba8598d7d378e0017980069d2e4871b99f2d997bb42eea6076dc9193be5e4f5434e6cf5176d977bd95894d4bd7577cd189f9c09723b8ab0
SSDEEP

384:jAL7cheGnr65w2v9XKhdz8t2AzYw0SvjMiQSEct2mKq2uYSjcFRO5Ku:jSccG+ZvJK362AzESrySEcQmKlgX0u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb144bf4efde49ef7554c4977fbd4db_JaffaCakes118

Files

3cb144bf4efde49ef7554c4977fbd4db_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6bb11f1599a1ffbabaf4622053c97890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
ExFreePoolWithTag
MmGetSystemRoutineAddress
ExRaiseStatus
_except_handler3

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ