Static task
static1
General
Target: 405351efebbbc32c12000daab73960aa_JaffaCakes118
Size: 22KB
MD5: 405351efebbbc32c12000daab73960aa
SHA1: dd98c2919f1a5ab3fd3c866c9d2c9a72362c73d5
SHA256: 4bd060c14a7547b560af51ecf56577f2f2751cd5a0550d61f00211f50e3e176f
SHA512: 37fdd86ed2f05d7eb0f44f37246dcf8c05ea5179ea7289bccc6b405117d87bff894b883ec356b2556b04642ff0dab398199ed6568ea05035e1a30bd97dc5d394
SSDEEP: 384:0OmM84tfg75GCI356GgYY8kXnF1dsbjrLkag12Zxrds9eM8ZaA5:0dMlR56BYY8mF1EDrg8xZrM804
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 405351efebbbc32c12000daab73960aa_JaffaCakes118
Files
405351efebbbc32c12000daab73960aa_JaffaCakes118.sys windows:4 windows x86 arch:x86
8600c42ec3e458a13ca4c3188556faf5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFillMemoryUlong
ZwQueryInformationProcess
InterlockedIncrement
FsRtlAreNamesEqual
towupper
DbgPrint
ZwQueryInformationFile
IoBuildAsynchronousFsdRequest
IoGetInitialStack
ZwQueryDefaultLocale
RtlFindMessage
CcUnpinData
MmIsNonPagedSystemAddressValid
PsChargePoolQuota
RtlIntegerToUnicodeString
ObQueryNameString
ZwDeleteFile
ZwSaveKey
RtlGetSaclSecurityDescriptor
ExFreePool
RtlCustomCPToUnicodeN
ExSystemExceptionFilter
WRITE_REGISTER_ULONG
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ILIT Size: 1024B - Virtual size: 614B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 391B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 22B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ