Static task
static1
General
Target: 859a8e04ecdea679ef56efff71134866_JaffaCakes118
Size: 78KB
MD5: 859a8e04ecdea679ef56efff71134866
SHA1: d889a29c18eb65423c7806626853d13b353ca3ed
SHA256: 1005fc9e2abd69edb92fe08dbb2056c0fc1c3291e2729f750aa099db9ce2a93a
SHA512: f5c9338b7e1aa3c99a9512a55410e8c64b3ca6056d13e4823346b3bb7685f584124a5273b11a1f6079b484d94e7e8a95d5b4991e171a6bae0a07b900d570e5fd
SSDEEP: 1536:taZ40U2am5J03er9cZlk5G9ip1YQg/BK302bXQx/TDL:8dB5cZ4cQg/BK302bX8L
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 859a8e04ecdea679ef56efff71134866_JaffaCakes118
Files
859a8e04ecdea679ef56efff71134866_JaffaCakes118.sys windows:4 windows x86 arch:x86
e741f532f6bfe10d59b857a5e588418e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExInitializeZone
RtlAppendUnicodeToString
InterlockedExchangeAdd
RtlEqualUnicodeString
RtlCompareMemory
KeQuerySystemTime
IoWMIWriteEvent
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ