5f8133ceb505f0903911b4cc85004cb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f8133ceb505f0903911b4cc85004cb7_JaffaCakes118
Size

41KB
MD5

5f8133ceb505f0903911b4cc85004cb7
SHA1

4e7c39441d8be4f357def77e83e28cf0be228817
SHA256

c123d8791b2556e811b7f9c63dce5d8ee0708f35657c31ebeb8403b6c3779f26
SHA512

f099d85f65fe65c575ff0007d3df6ad7fb315dbfe2fb673e5820ff0262609fa86961619ff74676363a2d0122104ad32604bf397ff50a389e18cd64ff067e8c41
SSDEEP

768:P4u9yCRSMy9JjbWpHk0/QkGONmBlimUlYJ72LSdAP:PFh4hvWpj/7GVBlaYp6SQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f8133ceb505f0903911b4cc85004cb7_JaffaCakes118

Files

5f8133ceb505f0903911b4cc85004cb7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3714ed7d8ae09489ec2eb0c551b1ffc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ExfInterlockedCompareExchange64
MmGetSystemRoutineAddress
SeCaptureSubjectContext
ExAllocatePoolWithTag
KeBugCheck

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 229B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ