63f3d37f0bb0b36c462b02e8977fbf2c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63f3d37f0bb0b36c462b02e8977fbf2c_JaffaCakes118
Size

40KB
MD5

63f3d37f0bb0b36c462b02e8977fbf2c
SHA1

3282d42890204e5a2a8846d190a9c7fe49e7c876
SHA256

34b844758da8ce80a5b147b38c5ea21e7c3bb5dc386d20e3055d6958e5d13e0b
SHA512

056afda8c464fc99c9f45eb12f0fa78e4c560fda8517e6799642bed0f4a75a00d2dc0a9f2173bad656443878f8083da04e9be8bd6dfdae628b7c796ce84b2ae6
SSDEEP

768:0Dr04S7OUm0ZhKNEcI8n2y15tNkYF535yHiTjKSIJ9PEwjSYxFM9DkYqFM3Z:0Dr4msGEcz2itPL35l3pIvPEwdxuD8MJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63f3d37f0bb0b36c462b02e8977fbf2c_JaffaCakes118

Files

63f3d37f0bb0b36c462b02e8977fbf2c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

dddd9b0f0e1f55c4e87ba62f25096fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwDeviceIoControlFile
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoGetCurrentProcess
SeAppendPrivileges
ExAllocatePoolWithTag

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ