4d7daf020a484845cb08583d14c0848d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d7daf020a484845cb08583d14c0848d_JaffaCakes118
Size

21KB
MD5

4d7daf020a484845cb08583d14c0848d
SHA1

05127f88c7f896ddb675b3e823b4fd0b3d40977c
SHA256

f33abe20efcbe7688524d3d22e8dc597e18245324eb5566394c853d62a680ca7
SHA512

5fd6bdbef1071c2e816695154cc4678ff62c47329131897265ca922f5a84de335d89184dd72279d7bcebe448963872a8e4ad5c98c1d06f4fad40a07c24fcb47e
SSDEEP

384:KHZGWAtw3XHu8D4fzJJl4PUUlmWLGLSyLm4kPP4wpwi4:0GWt3l87by8FWCSohw4gM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d7daf020a484845cb08583d14c0848d_JaffaCakes118

Files

4d7daf020a484845cb08583d14c0848d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6bb11f1599a1ffbabaf4622053c97890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
ExFreePoolWithTag
MmGetSystemRoutineAddress
ExRaiseStatus
_except_handler3

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ