Static task
static1
General
Target: 691f9ef4ef2269a9279885aafb3d1fbd_JaffaCakes118
Size: 27KB
MD5: 691f9ef4ef2269a9279885aafb3d1fbd
SHA1: b929a8cea6d3e7d4aa955d91c4e2b0faf54484c1
SHA256: 709dc7679dc4ccd65b0f8be98759133cc89584273a1e343d9d8dea3396017b83
SHA512: dad24645474f6027fe97531d0ebbbfecc24daa0d1c80d9bee0da4d7cac1d69d643a5309c3698908ffd6605b5c6245432c9625b90fcdaef0368f55e7b95c8e446
SSDEEP: 768:mN5j8udglC2c0ftV/9c1u0crSDRUbacSOV7lwMuKH+Q:qAu27/KmSDxM+Q
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 691f9ef4ef2269a9279885aafb3d1fbd_JaffaCakes118
Files
691f9ef4ef2269a9279885aafb3d1fbd_JaffaCakes118.sys windows:4 windows x86 arch:x86
076cb72d7506adda5d23e85d9d8f5086
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlCopyUnicodeString
ZwClose
swprintf
wcscpy
_except_handler3
RtlCompareUnicodeString
ExGetPreviousMode
wcslen
wcscat
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
MmIsAddressValid
KeServiceDescriptorTable
strncpy
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strncmp
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
_wcsnicmp
_stricmp
_strnicmp
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ