a31d63a8a8b85f7b3e3eec94f3277b3c_JaffaCakes118 | Triage

Sharing

General

Target

a31d63a8a8b85f7b3e3eec94f3277b3c_JaffaCakes118
Size

106KB
MD5

a31d63a8a8b85f7b3e3eec94f3277b3c
SHA1

c6895668f895c157a5d6855ef3246be7fb47a115
SHA256

0460b7b353a7eb17e335be6d1527dfc453ded88bad50cd505e31648a64240072
SHA512

6835f5cf78eb655d3e2e0a0942a854e0656333c2a05b20d164c56786503c7b60358ec83bb92edd242754ebcf20ff4adea0beaed77b9d80d92ebd09282b3b74f9
SSDEEP

1536:XdwVQ/Rn/Hw0uIvcoc8vQKRGmQTYmj+FiXdSgqch3PcQMQukNcoI13DXo925bVnP:XR1/HHrFvQvFnppcFJkNcbzCIVnijEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a31d63a8a8b85f7b3e3eec94f3277b3c_JaffaCakes118

Files

a31d63a8a8b85f7b3e3eec94f3277b3c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

5ff5cddcf42fd41f71ae6f21c8a1604a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlSetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
InterlockedExchangeAdd
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
IoQueueWorkItem
ZwNotifyChangeKey

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ