3eab10ab09f6b7ca545c641478fb7e8b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3eab10ab09f6b7ca545c641478fb7e8b_JaffaCakes118
Size

22KB
MD5

3eab10ab09f6b7ca545c641478fb7e8b
SHA1

a4c7b950ff060d9da916defb8ba55ac570500eab
SHA256

e5a4f4e9a7afb3d895cb0f83c487db4568ce70acf68b71c1600a9d6fc593d4c1
SHA512

657277b3ba236b9929a848ddb6072a92341c272e8e9ea8b1722e8666efd06eccf7e57815f1cddc5bc477ae3220379eca527803d506fe6e8d12a90111c5933c43
SSDEEP

384:cx/7HNkXWG07PRI008kX3klIRWq6zWT24m7gVeI1dRAkI+vo3v1ypphHr:cdHNkXW4o43klIm624m7g0I1jC+Av1yR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eab10ab09f6b7ca545c641478fb7e8b_JaffaCakes118

Files

3eab10ab09f6b7ca545c641478fb7e8b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5a800c60d8fb35aee3ab7cd095d00d64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmProtectMdlSystemAddress
IoAllocateMdl
RtlInitUnicodeString
wcschr
MmGetSystemRoutineAddress
ExAllocatePoolWithTag

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 209B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ