64a1da0c66dec4c23cbb0a6679904ecd_JaffaCakes118 | Triage

Sharing

General

Target

64a1da0c66dec4c23cbb0a6679904ecd_JaffaCakes118
Size

40KB
MD5

64a1da0c66dec4c23cbb0a6679904ecd
SHA1

d4478a4c2298b563201c07ab4a43dc72839b1c28
SHA256

974707177a5d2d19d746d8b029727c6ee0ecaaa077533fb0775f7ed07e4463c5
SHA512

9518dd788f55e6389613e91d5d89393777f27eed62c48cb5e6f7ba980ba3b9085d5ffff38dc0656c22c280a9c4df521aea1351e9765c5ce36977e799ffaa9005
SSDEEP

768:dkTcNNHFXTGz51Ya0Cln75WVEDToAhgejcXG/hKPafefxF:NXTGjYa0CXEeL/Oayn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64a1da0c66dec4c23cbb0a6679904ecd_JaffaCakes118

Files

64a1da0c66dec4c23cbb0a6679904ecd_JaffaCakes118
.sys windows:5 windows x86 arch:x86

70ba4b20b1d02f73dd87b8b1aada5cc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlTimeToTimeFields
MmFreePagesFromMdl
MmIsNonPagedSystemAddressValid
ExAllocatePoolWithTag
IoAttachDevice
RtlEqualString

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 328B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ