Static task
static1
General
Target
b9a1bec6f7dc2fd125521158ec61e0f9_JaffaCakes118
Size
28KB
MD5
b9a1bec6f7dc2fd125521158ec61e0f9
SHA1
1e741b70c1c6ba1c7c7de2fbe10959557c7f3708
SHA256
6295327284fac98b63094ec655680b5e8f9b883f96c64401dac8383e501c5b85
SHA512
538cf22e72cd354c07d111fb61addd95e8e1a87f00f495b33ba58643bd4428d14679563141262fe4ff22720c89fa3030320bc1f10a8246aad2b14635b479af27
SSDEEP
384:b+zZ0PXQa8vWeXUGJgLFhhOy9+c4vS6EYhpu4o5jshqrP2:bXvQaNsJgZMOYhp6nrO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b9a1bec6f7dc2fd125521158ec61e0f9_JaffaCakes118
Files
b9a1bec6f7dc2fd125521158ec61e0f9_JaffaCakes118.sys windows:4 windows x86 arch:x86
4de683b6a2add8d38a8f4aca9141ca5a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
swprintf
_except_handler3
RtlCopyUnicodeString
wcscpy
wcscat
MmIsAddressValid
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
_stricmp
strncpy
_wcsnicmp
wcslen
_strnicmp
RtlCompareUnicodeString
strncmp
IoGetCurrentProcess
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
IofCompleteRequest
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ