Static task
static1
General
Target: be581064311925bfa68154f59bae42dd_JaffaCakes118
Size: 7KB
MD5: be581064311925bfa68154f59bae42dd
SHA1: 0aa76bcdce3107cd14fb82d849636a245e64ef72
SHA256: f1ec1c9acc1b1c1f57828841684a9d390457a555829a14dba169a5ff452b0831
SHA512: 96cb1c3c047b2ced65c9ee4273c21e51ee85d6105582db2ddc0d37bbb444dabd7a9298e88403b406165215f118a2487a86a13dd3a320bc88ed92bf42d0ef5430
SSDEEP: 96:GiUOqPUa7yNL3ZWtbjtDizRu4CXl98l4aPqKZTGheLBWodV9q9LV0AXu61E:GizZabpDKuF9Ef0sArVV0gu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be581064311925bfa68154f59bae42dd_JaffaCakes118
Files
be581064311925bfa68154f59bae42dd_JaffaCakes118.sys windows:4 windows x86 arch:x86
9ae3a64b2731972db97621de4bae6f93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
tolower
MmIsAddressValid
NtLockFile
ZwCreateFile
RtlInitUnicodeString
KeServiceDescriptorTable
MmGetSystemRoutineAddress
PsSetLoadImageNotifyRoutine
ZwAllocateVirtualMemory
IoGetCurrentProcess
KeDetachProcess
strcpy
KeDelayExecutionThread
KeAttachProcess
memcpy
RtlCompareMemory
wcsstr
memset
ZwTerminateProcess
ZwOpenProcess
ZwClose
ZwOpenEvent
NtBuildNumber
PsCreateSystemThread
strlen
ObfDereferenceObject
hal
KfLowerIrql
KeRaiseIrqlToDpcLevel
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 730B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 352B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ