6f1fdb74c996c131fa14c6a709ced425_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f1fdb74c996c131fa14c6a709ced425_JaffaCakes118
Size

41KB
MD5

6f1fdb74c996c131fa14c6a709ced425
SHA1

1beb8bb3a976f4c07464f4f64bc8d603886e17bd
SHA256

81540045bef61879113467513417b0c423222e9a3171ed5ef7e240bf952ff60c
SHA512

664f9e9bfddef24e078b5d51ffc6c7559fa13f412c9dddf87a1e5edf1a487517412a6f052390a8d3bad38ac5ed121e2033274a55e701fd626815068e5824f766
SSDEEP

768:Raa6O9ObmOcNQ70auAk38po5wiFUHIaURZWfbnD+N7rDK:RaI9OFc+0au7MS5w0UHYZ4/QrD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f1fdb74c996c131fa14c6a709ced425_JaffaCakes118

Files

6f1fdb74c996c131fa14c6a709ced425_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5a62c2247fc637aafed27ee5b9bd898a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmGetSystemRoutineAddress
MmIsNonPagedSystemAddressValid
RtlAppendUnicodeToString
ExAllocatePoolWithTag

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ