Static task
static1
General
Target
6f11d45b386e9192a4e8d757cbe3723d_JaffaCakes118
Size
28KB
MD5
6f11d45b386e9192a4e8d757cbe3723d
SHA1
0defd5528d43223ed621ea41f7f7ab719e560229
SHA256
fa9c66c6263bf44d93aac6356d2b07514808efd2836fef1133c57bbec75bc4b5
SHA512
844647235c7b5efa48381829ca5902c2e92c20edc4dadc55639d2737d5de72229ae6d1ef7283bf59ff9d285a4751cee4cf96a3ef1d6f74fe2ce2cb8aa61ff431
SSDEEP
768:QiHMmrTPBHrzjVyezBuzdQ5dAF9XpnEH9eHo2A9A1Q1gY80Nj8sHIJtnW:Q2MYTpr/oz+AF9X1M99hC3Y8woa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f11d45b386e9192a4e8d757cbe3723d_JaffaCakes118
Files
6f11d45b386e9192a4e8d757cbe3723d_JaffaCakes118.sys windows:4 windows x86 arch:x86
8f5eb11f7da93a6ad2be4525a26a6034
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
RtlInitUnicodeString
wcscat
wcscpy
_itow
strncpy
_strnicmp
_stricmp
wcslen
_except_handler3
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
IofCompleteRequest
ZwClose
ZwOpenKey
_wcsnicmp
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 882B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ