Static task
static1
General
Target: 827081e312f46f31c5d697ec6970051e_JaffaCakes118
Size: 27KB
MD5: 827081e312f46f31c5d697ec6970051e
SHA1: 76383c91dc9b3626afc91a40ffd25d300273a6c4
SHA256: a7134dcec3d26b9c412a21ac8a9ac0c1edeb878a23ab2c9a4ca71dc3003bde57
SHA512: 08b0984e52eb2bbb6ff6cf4d2347850e2a388c2f0392b64767d4f13c3fb6a7bb4bf6cb042f8bacbd46a5a44c8a0776d3310dbf38c31c3d81623682306871a1e8
SSDEEP: 768:sz7iUxqS6ZuJoKcLILv3VXlwY3+LQc7xf3:LUxq1ZIoKccT3VVwY3+LQoR3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 827081e312f46f31c5d697ec6970051e_JaffaCakes118
Files
827081e312f46f31c5d697ec6970051e_JaffaCakes118.sys windows:4 windows x86 arch:x86
5fcc2a1255b2b53461e327ffbf9fe7b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
ObfDereferenceObject
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwOpenKey
wcscat
wcscpy
swprintf
RtlAnsiStringToUnicodeString
_wcsnicmp
wcslen
strncpy
_stricmp
IofCompleteRequest
strncmp
RtlCopyUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 822B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ