Static task
static1
General
-
Target
5b65fa808c4a83261ff42bdad24144c9_JaffaCakes118
-
Size
25KB
-
MD5
5b65fa808c4a83261ff42bdad24144c9
-
SHA1
9b04708ae2fd623a33c3f1fb91465bd6536cdc59
-
SHA256
9286acca0c3b801966465073ab38b87d5758908652e1ee2b34fcce6b92b831f2
-
SHA512
e32ada702dd129ae30e674b0779b72238c7bc78fd93799c713df8062c55a384bb18161293e941f8ea93e3079ae1325de438edf0bd32d8a8bd9bd3aa4deda7900
-
SSDEEP
768:NcqtGkGzAcJtN6jdIsEwzcRXgSkjHc/DBGFRG:NcqtHr5IQAtgSO8IFR
Malware Config
Signatures
-
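Unsigned PE (1 IoC)
The static check found no Authenticode signature on this PE file. A missing signature is a weak indicator on its own and should be weighed together with the other findings.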
resource 5b65fa808c4a83261ff42bdad24144c9_JaffaCakes118
Files
-
5b65fa808c4a83261ff42bdad24144c9_JaffaCakes118.sys windows:4 windows x86 arch:x86
6ad1931012d9fc6ead2163dddbb29caa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyUnicodeString
RtlInitUnicodeString
wcslen
swprintf
IofCompleteRequest
MmIsAddressValid
MmGetSystemRoutineAddress
RtlCompareUnicodeString
ExGetPreviousMode
_strnicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
strncpy
wcscpy
_except_handler3
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
ObfDereferenceObject
_stricmp
_wcsnicmp
RtlAnsiStringToUnicodeString
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 936B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ