bc350b42222e3846b3e6a745d7ccdd3c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc350b42222e3846b3e6a745d7ccdd3c_JaffaCakes118
Size

424KB
MD5

bc350b42222e3846b3e6a745d7ccdd3c
SHA1

f054693356840cc0d403a252e07e25de128d0270
SHA256

9cab9daa28f56dfc3885711a2c368d689ea1a85f221efd1dccd27c12892c7609
SHA512

8d71229a3a2ad2833f4bdfc188b9c7b380144b5beb36d266c8c9e423df05e7e895cc68f70294822190217c6de020d65f825a1c8a03aa5d7ae53282d139fcbac9
SSDEEP

12288:UMLa/ZpJfW1kxmbmQOatWHSzJBDvB3oT0:A/ZDfWJxO/W94T0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc350b42222e3846b3e6a745d7ccdd3c_JaffaCakes118

Files

bc350b42222e3846b3e6a745d7ccdd3c_JaffaCakes118
.sys windows:6 windows x86 arch:x86

1f1b8479dcdce25315f0f4d047c8c026

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_allmul
_alldiv
memset
MmGetSystemRoutineAddress
wcsncat
memcpy
ExRaiseStatus
IofCompleteRequest
swprintf
sprintf
ExAllocatePoolWithTag
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExAllocatePoolWithTagPriority
ExFreePoolWithTag
KeTickCount
KeBugCheckEx
ObfDereferenceObject
RtlUnwind

hal

KeGetCurrentIrql

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ