a663d44f00b35bd08f6965cdd7ca53dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a663d44f00b35bd08f6965cdd7ca53dc_JaffaCakes118
Size

56KB
MD5

a663d44f00b35bd08f6965cdd7ca53dc
SHA1

9ddb7ae4df4343ed26b04486f7d68e0d3bc449f5
SHA256

e91c24ffa8ba86cd752bf26d5d162a80a26cd7757d0043a53dcce4b846f8b437
SHA512

c1bdd83367bc3134ee95d0fa835f15825a58a83d307e57ce9be4b2bbd60b590b1232a8bc8dbc3a3ec536f743fc06ad6f8d059974fa2f9ec032e20c41353776d7
SSDEEP

1536:xBCKeuPhRyhR4kXAoSL0yfXF89aVUe6teay:xBn5PIdXAVLnfK/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a663d44f00b35bd08f6965cdd7ca53dc_JaffaCakes118

Files

a663d44f00b35bd08f6965cdd7ca53dc_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c59f448b67ebd17e9d38c4e580995f68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareUnicodeString
_except_handler3
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
memset
ExAllocatePoolWithTag
ExFreePoolWithTag
KeInitializeSpinLock
ExAllocatePool
PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlQueryRegistryValues
KeDelayExecutionThread

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 256B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

xdata
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ