Static task
static1
General
Target: 94eb5820bc57767bc68fb30ebda32250_JaffaCakes118
Size: 22KB
MD5: 94eb5820bc57767bc68fb30ebda32250
SHA1: bc8672ae21ce0a2b8c47e95535b965deb83edba1
SHA256: ab1f8a21c71dcb8b98232f953eaa3ea5e6f5d1b79c2682f93fe3043a73d679b5
SHA512: ce833354142a124ce39ed456cc71e530cb5c1e382e19bee5a181fb24d98d31becf21e5bd5dc39168a08616cde7644039d364eb14234ea0072cdf4e63c5e81797
SSDEEP: 384:a0zJrberPaHuO37lKnz5VcFYOfadYdb+hzfuAs+YBNQ1MM4pHjhJuq:rrnA5ROfao6zfuzFMqHZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 94eb5820bc57767bc68fb30ebda32250_JaffaCakes118
Files
94eb5820bc57767bc68fb30ebda32250_JaffaCakes118.sys windows:4 windows x86 arch:x86
e095fb65e1a41fb3913e4be8e44428cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
CcUnpinData
towupper
RtlIntegerToUnicodeString
RtlGetSaclSecurityDescriptor
WRITE_REGISTER_ULONG
ExFreePool
ZwQueryDefaultLocale
ZwQueryInformationProcess
ObQueryNameString
IoBuildAsynchronousFsdRequest
RtlFillMemoryUlong
RtlCustomCPToUnicodeN
PsChargePoolQuota
InterlockedIncrement
ZwSaveKey
IoGetInitialStack
ExSystemExceptionFilter
FsRtlAreNamesEqual
MmIsNonPagedSystemAddressValid
DbgPrint
RtlFindMessage
ZwQueryInformationFile
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ILIT Size: 1024B - Virtual size: 614B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 435B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ