Static task
static1
General
Target: a9bf7d2aa5e325555caf73ccca43728c_JaffaCakes118
Size: 28KB
MD5: a9bf7d2aa5e325555caf73ccca43728c
SHA1: 13285ab372d834941b4bca8fb9cb4f86f0daee33
SHA256: 7a96b6231653cc888f0b2a076dba6f9020c88b21623018b60d357ca6211369e0
SHA512: 6b01ce56c71062df43ef3082e2db7ae072978106624c631f37c3da453377ae57346517cb749eb4d6ab3ece96a342c8a83cdaa0c1243c2e991829b5ac6a23e359
SSDEEP: 384:A1hpBQua3SNX+WBYsSeVG3c286jSBn3RRgDkuiHcnmmMLHsLiM:EhpWu9++Gd86y3ADH6m9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a9bf7d2aa5e325555caf73ccca43728c_JaffaCakes118
Files
a9bf7d2aa5e325555caf73ccca43728c_JaffaCakes118.sys windows:4 windows x86 arch:x86
ee70d4c17a3cbc7c7e6114fcf2f2fca0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
IoGetCurrentProcess
ExFreePool
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
_snprintf
ZwQuerySystemInformation
RtlCompareUnicodeString
ExGetPreviousMode
wcscpy
wcscat
swprintf
_wcsnicmp
wcslen
RtlCopyUnicodeString
_except_handler3
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strncmp
MmGetSystemRoutineAddress
MmIsAddressValid
_stricmp
_strnicmp
IofCompleteRequest
RtlAnsiStringToUnicodeString
ObfDereferenceObject
ObQueryNameString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ