Static task
static1
General
Target: 74b8b279c8d55ee9f35f06cdfff8e86e_JaffaCakes118
Size: 28KB
MD5: 74b8b279c8d55ee9f35f06cdfff8e86e
SHA1: 30c69926c0458b66860e3714a8aa3fa8b2ba6ac5
SHA256: f8ad6585bd24340d4deee937ce3728f184c6637d95a9fa99e50008e2b58dd708
SHA512: 7c1ed88749a59451e5e8c94406cfae2eba36366fcf93e62d1ad153157c17f41c081050b515971266e615d5218c0ae771132304d75bfe2f94142bd88b3d3f1229
SSDEEP: 384:fXFL7Der9LG/FtbbuY4zNk6nKjvmUvsQeAOczHZorJM+C:fF7aZGjbrwNkDjvBvsJJg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 74b8b279c8d55ee9f35f06cdfff8e86e_JaffaCakes118
Files
74b8b279c8d55ee9f35f06cdfff8e86e_JaffaCakes118.sys windows:4 windows x86 arch:x86
c1e9aecad48415828dac21688e6a7d4d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcslen
swprintf
RtlInitUnicodeString
wcscpy
wcscat
strncpy
IoGetCurrentProcess
IofCompleteRequest
RtlCopyUnicodeString
MmIsAddressValid
_except_handler3
ExFreePool
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
strncmp
_wcsnicmp
ZwUnmapViewOfSection
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
_stricmp
ObfDereferenceObject
ObQueryNameString
_strnicmp
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ