Static task
static1
General
Target: 4b0146f106fca773601a1a5186135410_JaffaCakes118
Size: 29KB
MD5: 4b0146f106fca773601a1a5186135410
SHA1: aa067fd3a34227d0a2a5d97aa0a2392ce40e26f9
SHA256: fa91cc4e87638de2f04c4aed49d112a659342b9bdc3b1fa19480c7ee1cb73ee5
SHA512: 3945cc7373634984a4001a14c1c9d97117f4e3c086d948029465d0f458250d704af5ccaa089e4e806062d4d60acbd2823d7a60a1a485d21d50f286346ec4cc13
SSDEEP: 768:j8zNoG7VxUUJSH05nS4ifyPo6XT8OiIyZf52:j8poABp5nHiU7iIc2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b0146f106fca773601a1a5186135410_JaffaCakes118
Files
4b0146f106fca773601a1a5186135410_JaffaCakes118.sys windows:4 windows x86 arch:x86
a6315dbd7db4d0517a5e20f41458638a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
RtlCopyUnicodeString
RtlInitUnicodeString
strncmp
wcscat
swprintf
strncpy
wcscpy
ObfDereferenceObject
ObQueryNameString
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
ZwMapViewOfSection
ZwCreateSection
_wcsnicmp
wcslen
_stricmp
ZwUnmapViewOfSection
_except_handler3
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 544B - Virtual size: 530B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ