Static task
static1
General
Target
5a63ff00902221fc6e26dab13c4376eb_JaffaCakes118
Size
28KB
MD5
5a63ff00902221fc6e26dab13c4376eb
SHA1
be226ec9c022fc0c5f919a5f463a889a2ad013e5
SHA256
f2b27af84d9163aeaf5b8ce388414956819f716f5c9fbffae652fcaba6aeb586
SHA512
12b6c0fdf1af1e784f5e0e77ed933e2a02ca3cec99e6de062db0cb695050978b728a15662f97f5e62aad96d0c4f6ceb346c8d89a0659281031143c6545930ceb
SSDEEP
768:dIH/IMIiHM3w1tcbiD0xAhxO5DRPIQPX0E9OWfgDTmi:PMI0MA1tVwxkUIQPXH9OmWm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5a63ff00902221fc6e26dab13c4376eb_JaffaCakes118
Files
5a63ff00902221fc6e26dab13c4376eb_JaffaCakes118.sys windows:4 windows x86 arch:x86
df0401777e62667bfeddfd746ad43f1e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
ZwClose
ZwOpenKey
IofCompleteRequest
_wcsnicmp
strncmp
_stricmp
strncpy
ObfDereferenceObject
wcscat
wcscpy
_strnicmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
_itow
swprintf
_except_handler3
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 886B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ