Static task
static1
General
Target: a93919b1b8f10136b770ba037047a63e_JaffaCakes118
Size: 29KB
MD5: a93919b1b8f10136b770ba037047a63e
SHA1: 9f32ccfee5a33e46ee38795a7b2cff09717e6b2b
SHA256: 81736eb990551c8c140b367d4f7555919a84e2c3e0ad19a93ab66e5c9036684a
SHA512: 5fb324c8c02ac15aa020eb116a09e2059f54b47837cb17eaf098a60170db15243776803b927c8483f891e513d1b4a58d4c136346a2726e62d416c36ab139462a
SSDEEP: 768:lSPVLsTXwAorc4ItsvQrMgGN9Nij8wpEd:gPVLsWc4IM79IOd
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: a93919b1b8f10136b770ba037047a63e_JaffaCakes118
Files
a93919b1b8f10136b770ba037047a63e_JaffaCakes118.sys windows:4 windows x86 arch:x86
2866354df5e09a0d669613038448034a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
strncmp
IoGetCurrentProcess
wcslen
RtlInitUnicodeString
wcscpy
wcscat
RtlCopyUnicodeString
_stricmp
IofCompleteRequest
MmIsAddressValid
strncpy
swprintf
_wcsnicmp
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_strnicmp
MmGetSystemRoutineAddress
ExFreePool
ExAllocatePoolWithTag
ZwUnmapViewOfSection
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
_except_handler3
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ