Static task
static1
General
Target: 5a84ff1e8c05d7e8bb9c29894ad9170f_JaffaCakes118
Size: 28KB
MD5: 5a84ff1e8c05d7e8bb9c29894ad9170f
SHA1: 4e90933784625f9f4b2a123ac0ebd2dc635b29af
SHA256: 435511c81031bf07b066076d405a8cb965ee290a3d64cf7ba68533fb4c5f1a74
SHA512: 6ad9c108804994117428d0293aec7cce162ddd3aa3a69df1382f2b7255b1fdf90f2262ddbf3dbbd21efbbf50cb015e5b9f620eb49890a1703eefa78fa491f069
SSDEEP: 768:zmE3M5DkUAjhS0xjAtwFIRHawuPvpwjWWW8WMFDp5A:KE3M5hShS0S+FCuPvOc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5a84ff1e8c05d7e8bb9c29894ad9170f_JaffaCakes118
Files
5a84ff1e8c05d7e8bb9c29894ad9170f_JaffaCakes118.sys windows:4 windows x86 arch:x86
dc6bfa37e3f5fb95836212c90a5e2b0c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyUnicodeString
RtlInitUnicodeString
swprintf
MmGetSystemRoutineAddress
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
strncpy
ZwClose
ZwOpenKey
ObfDereferenceObject
wcslen
wcscat
wcscpy
_strnicmp
_stricmp
RtlAnsiStringToUnicodeString
_wcsnicmp
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 788B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ