Static task
static1
General
Target
b22ac8b82d581321bca50f70d2d50c7c_JaffaCakes118
Size
27KB
MD5
b22ac8b82d581321bca50f70d2d50c7c
SHA1
509581afffe57643c60029d3bfa7ba4a748b050e
SHA256
e864fdac00ee5abec80daef3404ce834fb71c8b0ceb7d779839bd7c5abe8beb8
SHA512
3a5cb659d2db32b7e6afd8f2f05583a592eda4859cc89963fbea447ecc347a78c0e8a11f5dab370b128f1006b15edb9c2dacb4e5c8d8bac67840158e52f5c258
SSDEEP
768:WNY9RUAqAf7DVfgvcePJxGlijkGb/pGvZNAseWZm:WNY9q6/tneBxGlijkGbsvZoWZm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b22ac8b82d581321bca50f70d2d50c7c_JaffaCakes118
Files
b22ac8b82d581321bca50f70d2d50c7c_JaffaCakes118.sys windows:4 windows x86 arch:x86
90bd435f46f0defdce4b11d3ecfde55d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
RtlInitUnicodeString
wcslen
wcscat
wcscpy
swprintf
_strnicmp
IofCompleteRequest
_wcsnicmp
strncmp
MmGetSystemRoutineAddress
ObfDereferenceObject
ZwClose
ZwOpenKey
_stricmp
strncpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 818B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ