Static task
static1
General
Target: b74e85c85ae1470cefa4df10cecd2434_JaffaCakes118
Size: 24KB
MD5: b74e85c85ae1470cefa4df10cecd2434
SHA1: 1245bd8a594dcc9b1adbda01e3052e98bb9b2467
SHA256: 313b85b68d03b35d4aaa556ba0bdbf234a3e8ccdacd405e2095972b519a325eb
SHA512: c06321a27f85c3d512b005f2161192fcc9cd89567531f2c4462400c4f0b6218fa42c3e135d258371ecec37a6bb4db1f4129719828316738bbe7d18b7d36bdceb
SSDEEP: 384:S6REg/ShXgNY5ovfQ9QOnfyva3MUYBs7ZBkKFUndoQx6GckVww0pOhHQW:sthdMBOnK/BLrQW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b74e85c85ae1470cefa4df10cecd2434_JaffaCakes118
Files
b74e85c85ae1470cefa4df10cecd2434_JaffaCakes118.sys windows:4 windows x86 arch:x86
cc5d12aec596077b886fe62a3ba8e653
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
swprintf
wcscat
wcscpy
_stricmp
strncpy
MmGetSystemRoutineAddress
ExFreePool
ExAllocatePoolWithTag
_except_handler3
wcslen
RtlCompareUnicodeString
ExGetPreviousMode
IofCompleteRequest
_strnicmp
RtlAnsiStringToUnicodeString
_snprintf
ZwQuerySystemInformation
RtlCopyUnicodeString
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
MmIsAddressValid
_wcsnicmp
PsGetVersion
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 744B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ