741d581a38263ee4da13f74622039e2e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

741d581a38263ee4da13f74622039e2e_JaffaCakes118
Size

22KB
MD5

741d581a38263ee4da13f74622039e2e
SHA1

faa9d91ee7cf07e41c429c2f5dc70173e95914ba
SHA256

8dee82a4c8f3625efe8c7d6524174d0a490ea2c43c7a1396bfe9d08284412e48
SHA512

957982e40c7e598c17c8dd1b049d5578f719c16e52ebf63224e59e66de058a9b5ea0a6bf989dfc62dd44029a74ced88919228de3c9c7a8f6feca8ce18b8783bf
SSDEEP

384:mDOmI8gtEY75GCI356GgYY8kXnF1dzbj0g12Zxrds9eM8ZaAa:YdYO556BYY8mF1xgg8xZrM80P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
741d581a38263ee4da13f74622039e2e_JaffaCakes118

Files

741d581a38263ee4da13f74622039e2e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e095fb65e1a41fb3913e4be8e44428cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

CcUnpinData
towupper
RtlIntegerToUnicodeString
RtlGetSaclSecurityDescriptor
WRITE_REGISTER_ULONG
ExFreePool
ZwQueryDefaultLocale
ZwQueryInformationProcess
ObQueryNameString
IoBuildAsynchronousFsdRequest
RtlFillMemoryUlong
RtlCustomCPToUnicodeN
PsChargePoolQuota
InterlockedIncrement
ZwSaveKey
IoGetInitialStack
ExSystemExceptionFilter
FsRtlAreNamesEqual
MmIsNonPagedSystemAddressValid
DbgPrint
RtlFindMessage
ZwQueryInformationFile

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ