Static task
static1
General
Target: 43105fa41814cfd1469508dd69ad4967_JaffaCakes118
Size: 27KB
MD5: 43105fa41814cfd1469508dd69ad4967
SHA1: fd8bd519ac589260f8a98e6ba9d7907fb790ba29
SHA256: 86fd20cd92a3818d4013eff6c247c3f102dbe9b844cfed570ce621b48166f62f
SHA512: 6bff0bfdfe849b02cafd624b8eb492628a9f1d5a6c3921c39f723c1f98c428848fe39c5d6a7186659d5357c94b97b2d821d9a8a282b5d8182355d59fc4563cc6
SSDEEP: 384:nAGX2UTtaEOjssFIUUQ9TL9I/uX+dErbaKPJ+aDJpIKLxZBNGRP3/fy0mb+X1:jX1ta5Y3eLwLdEPJ5DJpIK1ZSRP3noo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 43105fa41814cfd1469508dd69ad4967_JaffaCakes118
Files
43105fa41814cfd1469508dd69ad4967_JaffaCakes118.sys windows:4 windows x86 arch:x86
272cd9617f59d7b8dbb0cae6c0081785
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
_stricmp
strncpy
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
swprintf
wcslen
wcscat
wcscpy
_wcsnicmp
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwClose
ZwOpenKey
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 800B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ