Static task
static1
General
-
Target
93c50704eb93b72b1c4e21b52d9e9872_JaffaCakes118
-
Size
28KB
-
MD5
93c50704eb93b72b1c4e21b52d9e9872
-
SHA1
970b44dc24c37028fa9096312fb7018f776728d5
-
SHA256
1f2338b6fe3f411c26de3d8318d0a5a2d82e012a2e665493419332a83fc6191a
-
SHA512
78daaf376a3fa06e9a7a86b66d2035e6641948e65d0a933154ee63b84dc7b2a970e78c7e526e2e74a98719e0ea6e0a62dcb286235c73d5c29aee0315e6c34fbf
-
SSDEEP
768:9NzY15gF6hGa2rdBp9GcjcV2b5qZ7HX7009VkR:oDK69W9/jcV2YZ7r00Q
Malware Config
Signatures
-
Unsigned PE (1 IoC)
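Checks for a missing Authenticode signature; the resource listed below was flagged as unsigned. On its own this is a weak indicator, since many benign binaries are also unsigned, so weigh it together with the file type and imports listed under Files.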
resource 93c50704eb93b72b1c4e21b52d9e9872_JaffaCakes118
Files
-
93c50704eb93b72b1c4e21b52d9e9872_JaffaCakes118.sys windows:4 windows x86 arch:x86
195a0d08b6f63193b3e911067d92b63a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
strncmp
_strnicmp
swprintf
wcslen
wcscat
wcscpy
_except_handler3
RtlCopyUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
strncpy
_stricmp
ObfDereferenceObject
ZwClose
ZwOpenKey
IofCompleteRequest
_wcsnicmp
RtlAnsiStringToUnicodeString
_itow
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 826B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ