Static task
static1
General
Target
682fe311967a22f155cb6bfbc083c954_JaffaCakes118
Size
28KB
MD5
682fe311967a22f155cb6bfbc083c954
SHA1
65696a20b954a699946eaf8c70452f4b2e80e7a4
SHA256
baf405e91ecb8bad04018523b781863ef693f256502e3eec059ff6ff83892736
SHA512
611c4c599a94f6eb33bc754c3a381569874ad65a675890475db250c5cbdbe2dbce4a6e32ac7909b39937063e6f93b2c174cc80f77bb2f9ceeb1a9d6798795f97
SSDEEP
384:7pUHD+O1+vxL9qY1vv0LS86z01pv9GTXaSuM1o8bGOH:7pBlpL9BRv0Ozopv9CwMZbZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 682fe311967a22f155cb6bfbc083c954_JaffaCakes118
Files
682fe311967a22f155cb6bfbc083c954_JaffaCakes118.sys windows:4 windows x86 arch:x86
99ffe4665bf25f593754444929d7909d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
ExAllocatePoolWithTag
RtlInitUnicodeString
IofCompleteRequest
swprintf
wcscpy
_except_handler3
wcscat
_stricmp
strncpy
MmIsAddressValid
strncmp
IoGetCurrentProcess
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ObfDereferenceObject
ObQueryNameString
_strnicmp
RtlCompareUnicodeString
ExGetPreviousMode
wcslen
_wcsnicmp
_snprintf
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ