Static task
static1
General
Target
4179d4acabba3844d6cb678ec11b9bff_JaffaCakes118
Size
29KB
MD5
4179d4acabba3844d6cb678ec11b9bff
SHA1
ee9566db6776a65377f323967698144babcff79a
SHA256
a7a8dbd4364e34b1e7314a371fa934722e552d620ae5ea8190dc214ce3d1bdc2
SHA512
9a0b8d1a1d8bd58f27cac0af86b0994a50bdf339e3d1fa096675f36a4d20a3ddf8be484efcb06a67e89d0fe1db01ad1faafb1c96775deadbd29e96bb9d32cf54
SSDEEP
768:dTFQGsbv7/j5LimRqxvtV/faM5iOZ9jNd:XQGsbv7/kxvtVcuTd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4179d4acabba3844d6cb678ec11b9bff_JaffaCakes118
Files
4179d4acabba3844d6cb678ec11b9bff_JaffaCakes118.sys windows:4 windows x86 arch:x86
3daa1770cefacaa206d63d27d7ebefa0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_stricmp
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
wcslen
swprintf
MmIsAddressValid
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
wcscpy
wcscat
ZwUnmapViewOfSection
strncpy
_wcsnicmp
_snprintf
ZwQuerySystemInformation
RtlCopyUnicodeString
_except_handler3
IoGetCurrentProcess
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
ObfDereferenceObject
ObQueryNameString
IofCompleteRequest
MmGetSystemRoutineAddress
_strnicmp
strncmp
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ