765aa6580a89373e50588de14546fdd1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

765aa6580a89373e50588de14546fdd1_JaffaCakes118
Size

22KB
MD5

765aa6580a89373e50588de14546fdd1
SHA1

36a4cd84d406cb92379463925e208df06cb1eeef
SHA256

7bfbeb8dccaa7826912ab4bdbf15f7226d1fbf022ed10f55b5e10d6bd38e6b9d
SHA512

3474402b5b5e77713cebf15bda126b96115b669c7b0d62c07c2f1f8cdd2564411d036b07f306fa63b88c439b93d677e67b216bd78fd4587b43e8127f1ff9930a
SSDEEP

384:o7yTiDcu3ipiWocOQ9TcCKkTj4q+4pzGTIs:XmDcu3io0OQ5KWj44C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
765aa6580a89373e50588de14546fdd1_JaffaCakes118

Files

765aa6580a89373e50588de14546fdd1_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b6707927b2555ba061d81e1f973b22f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryDirectoryFile
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
MmIsNonPagedSystemAddressValid
RtlInitUnicodeString
RtlEqualString

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 229B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ