bee1d749c245a36f237b116b675ad027_JaffaCakes118 | Triage

Sharing

General

Target

bee1d749c245a36f237b116b675ad027_JaffaCakes118
Size

254KB
MD5

bee1d749c245a36f237b116b675ad027
SHA1

a87688c64f747a6e067875b526e2985591973058
SHA256

ae139256ec4d4a0fd19b917731c8d9aa85e56121f09b041bdd2173ba68098ff1
SHA512

d2db04e171f9c2181aab647e44394dcf60ac9f0117b2ac60a79ba3a761b07ae0407930287ee5b4b388357975ee4fd367cd5a9e2be29f5840fa2c21e99e9c740d
SSDEEP

6144:Aw+THKT3AyWi8Bx6hFgURZtGeFa7nJNLN+w9aqB789Kzg5xrwq/:ArvBIhdja7nrNL73g5Bz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bee1d749c245a36f237b116b675ad027_JaffaCakes118

Files

bee1d749c245a36f237b116b675ad027_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ba04957d57466bac2dfca14138f29cb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePool
_except_handler3
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitUnicodeString
PsTerminateSystemThread
PsCreateSystemThread

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 762B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE