8ba6a896531beb60d59733a87b477bbf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ba6a896531beb60d59733a87b477bbf_JaffaCakes118
Size

30KB
MD5

8ba6a896531beb60d59733a87b477bbf
SHA1

417f6ff7b1065e690dd455688afe36bb231b15cc
SHA256

f0b1f83cf528975072dc22993a1a14c06fb7dca412a6be78e765c3d64bcfd56e
SHA512

084a21aed11556b494e93f6fece64b8db2010800af340f383bedf4d3030008cfd0f3c27cfaee9be8690248e0852b3a1a4634e8a7acb089168104be5b8bf0e5c6
SSDEEP

384:HWD1Hu+lBNbF4/ec0o6DZzdv6IcoNNO/Y+QBOLx+a+D6FgfgdkDii7m7/lzL5b+C:OAMJNo46Ic0/+Wu+X2gfG7/l5qC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba6a896531beb60d59733a87b477bbf_JaffaCakes118

Files

8ba6a896531beb60d59733a87b477bbf_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9e45172a0b1d218e56258a8e0b01b285

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
ZwFlushVirtualMemory
RtlInitString
RtlAnsiStringToUnicodeString
ZwQueryInformationProcess
RtlCompareUnicodeString
PsGetProcessExitTime
RtlImageNtHeader
ExAllocatePool
IoBuildDeviceIoControlRequest
IoReadOperationCount
KdEnableDebugger
ZwDeviceIoControlFile
KeAttachProcess
DbgPrint
KeQuerySystemTime
strcmp
KeSetKernelStackSwapEnable

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 1024B - Virtual size: 663B

IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ