Static task
static1
General
Target
bf082b0d0328dafe0c487022ed28b53c_JaffaCakes118
Size
29KB
MD5
bf082b0d0328dafe0c487022ed28b53c
SHA1
024a83666063cbece47e7deb960db939886b1f78
SHA256
14bb6c410a1466c5b505fbc67f8cf7136285dcc494ed3f45045f6a68658c9eac
SHA512
db7638d3a80b8c859c8ae5f440a56bc62d19bfcb0f22595990ad5af380bcdafb2b0704177f674a099dfdbc1c2430a8a39a518a7ea177b2aafb8af97f8752a54a
SSDEEP
768:oJP6C9OeoTbIypfdzOJNJ/UN3Fjzk1H+tqPY57I:ofOeoTbIMROJNJc9Ff3qP+
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource bf082b0d0328dafe0c487022ed28b53c_JaffaCakes118
Files
bf082b0d0328dafe0c487022ed28b53c_JaffaCakes118.sys windows:4 windows x86 arch:x86
b52db13d4c96cec49ca9ffb2de6dd34c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
wcscpy
wcscat
MmGetSystemRoutineAddress
swprintf
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
strncmp
_strnicmp
_stricmp
strncpy
_wcsnicmp
_except_handler3
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
ObfDereferenceObject
ObQueryNameString
RtlCompareUnicodeString
ZwUnmapViewOfSection
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 578B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ