b05998ee2b0ec75cccbeeba7b5801010_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b05998ee2b0ec75cccbeeba7b5801010_JaffaCakes118
Size

22KB
MD5

b05998ee2b0ec75cccbeeba7b5801010
SHA1

8a3181fe1fbe390488f7206b49a8186d9f5d8f9e
SHA256

44cdcd96f40eface804997af3762b5e32801d7207b6bf7f65bb5f0abbf0a536b
SHA512

f39f68b87834975bb2bb42ac17c8d94d3e9a5f82139fefe16263cb5ec6d732aa1f0fe72e2b4663aa23f639f6413f885bd7e5dfbc9fea5f395319abe29f4a5122
SSDEEP

384:ydx/7HNkXWG07PRI008kX3klIRWq6zWT24m7gVeI1dRAkI+vo3v1ypph3r:yddHNkXW4o43klIm624m7g0I1jC+Av1u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b05998ee2b0ec75cccbeeba7b5801010_JaffaCakes118

Files

b05998ee2b0ec75cccbeeba7b5801010_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5a800c60d8fb35aee3ab7cd095d00d64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmProtectMdlSystemAddress
IoAllocateMdl
RtlInitUnicodeString
wcschr
MmGetSystemRoutineAddress
ExAllocatePoolWithTag

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 209B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ