a6138264b938ed9a11d8e657ae7c5fa0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6138264b938ed9a11d8e657ae7c5fa0_JaffaCakes118
Size

40KB
MD5

a6138264b938ed9a11d8e657ae7c5fa0
SHA1

51a70f5e2b41b206716da7205fcb84e26d01f081
SHA256

2d70d3c6df791c144a8e3ab3e0575dea51f3d5be63cc5f18bd4870c43ee2e408
SHA512

e51fd53681776e982e9b581ef1a966e82836a2e173616150f56a1fcefb35e4886f65c4c3a508f0e8afb633dd4e7643e6e39d23b59ee5d8f28783609228a01e59
SSDEEP

768:RjDpZ1WSAvrcpBda1yIxpAx7ol412yJnt2fk5RX9auxPrsC7Gdi3M:HWSAvrcXgLpAxLZtvTIIPrsUz8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6138264b938ed9a11d8e657ae7c5fa0_JaffaCakes118

Files

a6138264b938ed9a11d8e657ae7c5fa0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5e3dfc26b6a33d0c5533f3d2e01f1c1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlStringFromGUID
RtlInitUnicodeString
ExUuidCreate
MmGetSystemRoutineAddress
RtlLengthSecurityDescriptor

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ