Static task
static1
General
Target
4101e07f080f1b12189cabbd8761d42f_JaffaCakes118
Size
29KB
MD5
4101e07f080f1b12189cabbd8761d42f
SHA1
736c82cf89f4c5ac8bbf317b51f5ce38690fdfb6
SHA256
380ea4f77fc59ed1059d0a0fe161f2098ba5f18cb8d9bb4fba560dc1c2014b2a
SHA512
2527b3fbadbea9e49009fb2fce10dc7522f6027070c5b69dfdc9f08bbd24378a8189ee02f36e00ccad7c2bad81e957716053f0307508eaec82bc1bebddedbca6
SSDEEP
768:v9taac4p1tiNpzKN8jKKnnY0DGdRCSUdUww+:xc4rEAN8m2aRCVdJN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4101e07f080f1b12189cabbd8761d42f_JaffaCakes118
Files
4101e07f080f1b12189cabbd8761d42f_JaffaCakes118.sys windows:4 windows x86 arch:x86
882ff37ce59555556621cbbc64406bc0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
wcscat
wcscpy
_stricmp
strncpy
RtlInitUnicodeString
wcslen
_wcsnicmp
ExFreePool
ExAllocatePoolWithTag
IoGetCurrentProcess
_except_handler3
RtlCopyUnicodeString
ZwUnmapViewOfSection
RtlCompareUnicodeString
strncmp
_strnicmp
ObfDereferenceObject
ObQueryNameString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmGetSystemRoutineAddress
MmIsAddressValid
_snprintf
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 672B - Virtual size: 660B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ