Static task
static1
General
Target: 6472f67c52fb65c5b2d6fc3cc6a2f0c4_JaffaCakes118
Size: 22KB
MD5: 6472f67c52fb65c5b2d6fc3cc6a2f0c4
SHA1: 8cd024b4b6f173060e88477928561bf9a2fc10c9
SHA256: 5efbd0f50893a0343ca395539064c0b2a7f143851a65be6a755d315460603ba5
SHA512: aedd7aa28c0fd0dc581b1e935271160ca451fe569c430936d3477ac87d2ce3255fe56347644a8da637322a1ecd5029143ae1a11fc4c151a93beda72d4992aa5c
SSDEEP: 384:pKTwPEngHAP4G0xJk07U4n/sIDg2W/SBv9/7co2bhkQKz9vZ/Vf9BPa:ZPNHMr0xJk07U4n/sIDgF/KlN2bhEtpC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6472f67c52fb65c5b2d6fc3cc6a2f0c4_JaffaCakes118
Files
6472f67c52fb65c5b2d6fc3cc6a2f0c4_JaffaCakes118.sys windows:4 windows x86 arch:x86
86fdfe74db8ee9ed66135e3fe2a92e90
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
ObfDereferenceObject
ObQueryNameString
KeServiceDescriptorTable
_strnicmp
MmGetSystemRoutineAddress
swprintf
wcscat
wcscpy
_stricmp
strncpy
ExFreePool
ExAllocatePoolWithTag
_wcsnicmp
wcslen
IofCompleteRequest
strncmp
IoGetCurrentProcess
RtlCopyUnicodeString
_snprintf
ZwQuerySystemInformation
MmIsAddressValid
RtlCompareUnicodeString
ExGetPreviousMode
RtlAnsiStringToUnicodeString
_except_handler3
ZwUnmapViewOfSection
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 922B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ