Static task
static1
General
Target: a935f2cf7b4d4d13d84165108604f00f_JaffaCakes118
Size: 37KB
MD5: a935f2cf7b4d4d13d84165108604f00f
SHA1: 2a96d96aa22561a77add7f6c5f052b6f24886a5b
SHA256: 96878bd864b2e19cf4b8031f579ec00d35185b02a615403b3d3ae3b7b8461fd1
SHA512: 83402c7a7abcdb3f4130bbeac7a2db350a3f41591bb420a70c45e0c6953ef72b39b65b951518e558b6a94269a4efea8f82705cef7ddfd36696f1870aecb8436d
SSDEEP: 768:ve3iy+DF5h3cWi3yIVHH6QyaboBwiOMHJEybh/lMhPUV/h1:ve3udcWiRH6H13lMA/f
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a935f2cf7b4d4d13d84165108604f00f_JaffaCakes118
Files
a935f2cf7b4d4d13d84165108604f00f_JaffaCakes118.sys windows:5 windows x86 arch:x86
be6a80efbd57dc0f4a679c321174dca6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlCompareUnicodeString
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
ExAllocatePoolWithTag
ExFreePool
Sections
.code Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LDATA Size: 128B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 334B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 768B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 384B - Virtual size: 302B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ