Static task
static1
General
Target: ad8ff1d1a6b4114f97777227a1258737_JaffaCakes118
Size: 21KB
MD5: ad8ff1d1a6b4114f97777227a1258737
SHA1: a28dc9cb38efda044d0ea2dcd7e6a74011de9297
SHA256: 64237fb3520c5c6533eb5f2b6def9230ac8dcfa9add141943dab90073831ac08
SHA512: afa9f78f5a5c2b6ae4f81217b92cdd49fe656e81b87429cf0f5799862c9c26ade04b8b99022b50426b8822dcdbe155e8e281f02d46e2ca158b21ee0d3af3fea4
SSDEEP: 384:du9sxFT5YvMWeY/fNqIZHGTdXi36uNlnUOZbUMwmUaLP+tMkVY5bFSJ:es63eBIxci3VNRH1rwmUFKkyhFSJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad8ff1d1a6b4114f97777227a1258737_JaffaCakes118
Files
ad8ff1d1a6b4114f97777227a1258737_JaffaCakes118.sys windows:4 windows x86 arch:x86
f7905c06285378cb5e047600f5c6c81d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
CcUnpinData
towupper
RtlIntegerToUnicodeString
RtlGetSaclSecurityDescriptor
WRITE_REGISTER_ULONG
ExFreePool
DbgPrint
ZwQueryInformationProcess
ObQueryNameString
IoBuildAsynchronousFsdRequest
RtlFillMemoryUlong
RtlCustomCPToUnicodeN
PsChargePoolQuota
InterlockedIncrement
ZwSaveKey
IoGetInitialStack
ExSystemExceptionFilter
FsRtlAreNamesEqual
MmIsNonPagedSystemAddressValid
ZwDuplicateObject
RtlFindMessage
ZwQueryDirectoryFile
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ILIT Size: 1024B - Virtual size: 614B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 485B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ