Static task
static1
General
Target: a89a26d139807d636ac1bb532fb2635a_JaffaCakes118
Size: 27KB
MD5: a89a26d139807d636ac1bb532fb2635a
SHA1: b4ca661b594a2790b5cbf5235de0f25e723c16bc
SHA256: bc8b37aa94ed659f8342abbef7d6f987bf452d049df5ab51100ac4287e98cab4
SHA512: ec4634a43f92caa4e82a6c974a6c4dcd92a96f05193f34ed887cc5e6ba0122318ec3cb3952a5e6acf6011ca2323c96d1fe5ad79deef5d3225a798b724c7ee902
SSDEEP: 768:NrCh5hXRt4R2MoNVb8+VJQrjDWYlMCImLmppV6g:shjXRuRFMMjNlnVWT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a89a26d139807d636ac1bb532fb2635a_JaffaCakes118
Files
a89a26d139807d636ac1bb532fb2635a_JaffaCakes118.sys windows:4 windows x86 arch:x86
645c4303b4cc189c33ee9b311cbf0f4a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscpy
wcscat
RtlInitUnicodeString
ZwClose
KeServiceDescriptorTable
RtlCopyUnicodeString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
swprintf
_stricmp
strncpy
ExFreePool
ExAllocatePoolWithTag
_except_handler3
_wcsnicmp
wcslen
MmGetSystemRoutineAddress
MmIsAddressValid
RtlCompareUnicodeString
ExGetPreviousMode
_strnicmp
ObfDereferenceObject
ObQueryNameString
ZwUnmapViewOfSection
_snprintf
ZwQuerySystemInformation
IofCompleteRequest
RtlAnsiStringToUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ