b285b88ed4315f4deb9fad27c5e485f4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b285b88ed4315f4deb9fad27c5e485f4_JaffaCakes118
Size

41KB
MD5

b285b88ed4315f4deb9fad27c5e485f4
SHA1

ab64134533a2b98991ecb4e3fdd97dc8a657046a
SHA256

d121d0219b95b23d89d1581be5c8648215c56ea2fd82e04b9a07c1eadc8f8f57
SHA512

274414a1102f27d7fa67fbf7e697688fd787dcac85c39f475e7205a3e8e224a725259918adbba606089062eac729b52913276f02cc39378eb0c78f7cf5ec8ac8
SSDEEP

384:a9Nd/dvf7vpMy1W47yu6zERNTT689ZhOCqdSeSwkGEAU1:aN9j2/GHVhOCqdSwhq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b285b88ed4315f4deb9fad27c5e485f4_JaffaCakes118

Files

b285b88ed4315f4deb9fad27c5e485f4_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e26a2aab62ad92cb1745c723640a0e74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
RtlInitUnicodeString
SeCreateAccessState
RtlCreateSecurityDescriptor
MmGetSystemRoutineAddress
ExAllocatePoolWithTag

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 230B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ