Static task
static1
General
Target
a88968c902812d89e94b7ee7ef41a297_JaffaCakes118
Size
21KB
MD5
a88968c902812d89e94b7ee7ef41a297
SHA1
4035be772193153d97a9ce3672673f3014ef6b28
SHA256
4510e3ffc4b146cf99e5f62e74eafc7c1a728cb5aef6b0ffc04c732ab5803b09
SHA512
66deaf1a25c96427306af15850ab51ede4297fe5d6ca143b534d8dc1f5e88c373caaa2983c1eb32da0c58e44ab908dafa154ec1e6c542facef8096c5544daf25
SSDEEP
384:EemoBzLPNiaF42h33JKSamMmQXAQaAHbW7fP3icl7CYCLP:Eemo5LPNia6EJvMNRbWLviA2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a88968c902812d89e94b7ee7ef41a297_JaffaCakes118
Files
a88968c902812d89e94b7ee7ef41a297_JaffaCakes118.sys windows:5 windows x86 arch:x86
fa2959a9f853b3d1b8aa344b8e574d1d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmProtectMdlSystemAddress
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlLengthSid
NtSetSecurityObject
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 256B - Virtual size: 221B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ