Static task
static1
General
Target: 8e113e80a983b3b9afea4669896fcae1_JaffaCakes118
Size: 28KB
MD5: 8e113e80a983b3b9afea4669896fcae1
SHA1: 3a851d8239d3e7265b6ef55e0c7d755892d862fa
SHA256: 6da191b9e9968af5ce6970942d193edbcd5317e865e21d30dbc9948891d37fe6
SHA512: 78fd95837cedfa7dc210d297f1ab69c091bf7650f9d6c64f19cd77b015b47fa4d130f5b76e5121112d56e203ac2b52efd6a8a49e1334c14606be798f3e93da91
SSDEEP: 768:NCikvXVbeCv3cVoRWCb/zOXkdtmGS0TYDdinOJNHS2yUD:NCdlv3cVoACb/zJvmn0shinOb/yU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e113e80a983b3b9afea4669896fcae1_JaffaCakes118
Files
8e113e80a983b3b9afea4669896fcae1_JaffaCakes118.sys windows:4 windows x86 arch:x86
ab124cd1890a321e2affbb2b7c7172fd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
wcslen
swprintf
wcscat
wcscpy
_itow
strncmp
_stricmp
strncpy
RtlInitUnicodeString
ZwClose
ZwOpenKey
_except_handler3
_wcsnicmp
MmGetSystemRoutineAddress
IofCompleteRequest
RtlAnsiStringToUnicodeString
_strnicmp
RtlCopyUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ