Static task
static1
General
Target
775145f4c4b422e3b5e1bc1d4b08b76b_JaffaCakes118
Size
28KB
MD5
775145f4c4b422e3b5e1bc1d4b08b76b
SHA1
db10c4d99241430a2f47b17fed38be07bc3bfe47
SHA256
80aa2839f6afa3e2b559a3feea356d9073c6079b90e4d5df3cffce4ed2ef1900
SHA512
fbbfc3f072e84f3e3f07ae467d617cbee50a004cabac1dc92245cb7dfb8f83c54773e525e55b126f5b0f0e0ddc7e65d309de8318b41851338ea92417a5b9d763
SSDEEP
768:OEgygtr2G9czqyquacHZ1ZkT3HBM0lKd8yD:OEicG9ceGQHBMUKt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 775145f4c4b422e3b5e1bc1d4b08b76b_JaffaCakes118
Files
775145f4c4b422e3b5e1bc1d4b08b76b_JaffaCakes118.sys windows:4 windows x86 arch:x86
0d7e0aaed45f31dfa03cbb67fdab2e8d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
wcslen
wcscat
wcscpy
_except_handler3
RtlInitUnicodeString
ObfDereferenceObject
strncpy
swprintf
_strnicmp
_wcsnicmp
ZwClose
ZwOpenKey
strncmp
_stricmp
IofCompleteRequest
ExFreePool
_snprintf
ExAllocatePoolWithTag
_itow
RtlCopyUnicodeString
MmGetSystemRoutineAddress
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 874B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ