ad142d9f5b1ce957a6772f9fa1074a90_JaffaCakes118 | Triage

Sharing

General

Target

ad142d9f5b1ce957a6772f9fa1074a90_JaffaCakes118
Size

42KB
MD5

ad142d9f5b1ce957a6772f9fa1074a90
SHA1

cc3d7e9c471029c434af3ba2b879a13911e6a0e1
SHA256

9f6f5c85daeb657781f09b4911449d8ead7aaeb2f54448ce1b64306265c2ef3d
SHA512

d6fa9aed2bf8f42e7f886aeab35dfc4dfbb79ad96cb2bff92ffde84697e0eb3826dcbdaee6afe009360030243ee437033e152cd5bd3cf7d67e3de39aba572300
SSDEEP

768:PEs0hqAMVtDRs7h7WD/DrlxaYlj8HggvM0unIMCTPiLjPq1pYoESmo6vxQdoDV:P8q1VtD2lWnrblQHggE0uIDTP4jPk6v/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad142d9f5b1ce957a6772f9fa1074a90_JaffaCakes118

Files

ad142d9f5b1ce957a6772f9fa1074a90_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3ba4e4d05bc123da527f471a8165a9c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeBugCheck
RtlMultiByteToUnicodeN
MmGetSystemRoutineAddress
RtlIpv6StringToAddressW
RtlInitUnicodeString
ExInterlockedFlushSList

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 286B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ