Static task
static1
General
Target: 71c514789855d8dd9b9470928b0c7267_JaffaCakes118
Size: 29KB
MD5: 71c514789855d8dd9b9470928b0c7267
SHA1: 6df1f8795788647b59814977ff669f8c4977e063
SHA256: 1b888eab788f4989922bddb69d4bdbda2083f9cb1399bb6451a9eafcf2aa6353
SHA512: 0c7bee02bed3b62585a3848fa8f64483ffb709aace849e496916eed6b21e02f7c3ae34f48743be677508e761dfb3d074e706eeceefda459038ca38500c62b3d6
SSDEEP: 768:l+PVLsTXwAorc4ItsvQrMgGN9Nij8wpR+a+:gPVLsWc4IM79ID+a+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 71c514789855d8dd9b9470928b0c7267_JaffaCakes118
Files
71c514789855d8dd9b9470928b0c7267_JaffaCakes118.sys windows:4 windows x86 arch:x86
2866354df5e09a0d669613038448034a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
strncmp
IoGetCurrentProcess
wcslen
RtlInitUnicodeString
wcscpy
wcscat
RtlCopyUnicodeString
_stricmp
IofCompleteRequest
MmIsAddressValid
strncpy
swprintf
_wcsnicmp
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_strnicmp
MmGetSystemRoutineAddress
ExFreePool
ExAllocatePoolWithTag
ZwUnmapViewOfSection
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_except_handler3
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ