Static task
static1
General
Target: 70f100e9d48afd43859cb0e1336524fe_JaffaCakes118
Size: 423KB
MD5: 70f100e9d48afd43859cb0e1336524fe
SHA1: 867113f324501af7bf4aa77fa23165e07a9bc494
SHA256: d87fcbfca308030dafc37285a40100e60754e89de1249cf1e739b81437de9821
SHA512: afd11edf14f1ec497d10a53f6eab917df9fc930eec0e0c2118ee10ed6be37518601255d565dafd6dbceae22b8598d10e3da0ab54de0f80673c29e7457cea6e3a
SSDEEP: 12288:m0UXYVNxzwMQPJtnu1QzcOrH0DeND0VTt:mGwM8JtuKUDe+Tt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 70f100e9d48afd43859cb0e1336524fe_JaffaCakes118
Files
70f100e9d48afd43859cb0e1336524fe_JaffaCakes118.sys windows:6 windows x86 arch:x86
0694dd7b20e22aa4d0d48e84d1249df3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
_allmul
_alldiv
ExFreePoolWithTag
RtlCompareUnicodeString
KeReleaseMutex
KeWaitForSingleObject
memset
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
memcpy
RtlCopyUnicodeString
wcsncat
ZwAllocateVirtualMemory
ExRaiseStatus
IofCompleteRequest
swprintf
KeQuerySystemTime
sprintf
KeTickCount
KeBugCheckEx
ObfDereferenceObject
ExAllocatePoolWithTagPriority
RtlUnwind
hal
KeGetCurrentIrql
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 353KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ