Static task
static1
General
-
Target
3ec428a604e01001b9864f115a9e2e18_JaffaCakes118
-
Size
21KB
-
MD5
3ec428a604e01001b9864f115a9e2e18
-
SHA1
ee7ed21511a5828ea055d11bbf7a44d4b049fdde
-
SHA256
8480ba0be3267f210492220376644906f94fcd608b51baef9b7faa34c69f1e78
-
SHA512
b2b9a00b2f45a2e26e1e3777bbc9a23d84cafffbd167725d85bb598b2b458e61dc2c758dfe407bbca08764dfd08fa32d93f4ea5e3db23bb5cbe8015129637ac7
-
SSDEEP
384:9iAm9eE6MQ5Lzra4cR11D9qIfodp0C44+Ef+DBqPerOZCjaIkNQO:9ix0D5DRgJqIfgp0C44Px0G6aI6QO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
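Checks for missing Authenticode signature. This sample (a .sys driver image, per the Files section) carries none, so its publisher and integrity cannot be verified from the file itself; the absence of a signature is a triage signal, not proof of malice on its own.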
resource 3ec428a604e01001b9864f115a9e2e18_JaffaCakes118
Files
-
3ec428a604e01001b9864f115a9e2e18_JaffaCakes118.sys windows:5 windows x86 arch:x86
5efea3f04bdad653727a3edde4ba846b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeEvent
MmIsNonPagedSystemAddressValid
wcslen
_wcsnicmp
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 207B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 34B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ