c19fce2f4c8a69d253130a77af620892_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c19fce2f4c8a69d253130a77af620892_JaffaCakes118
Size

5KB
MD5

c19fce2f4c8a69d253130a77af620892
SHA1

0a70be193485b08564545e3c1f94bbf84f480f91
SHA256

ceed518617d020221a0a7257c80cedb11fd3135e939763b034e71d02087299d0
SHA512

1b11069eb8ebb2341c92a6b4e5e3c8b971d2b91583af50685deb25568f3d34a5731ce795e36d72fab84893b8ce082633eed7760b6f4b7c7fbec503e3c0ff7217
SSDEEP

96:2nFvob198Tb7Nb/7vBXieiEHKn8vm86N8Fy1h6y81Gh9X7:sqb198TbZTrBXieiEq+m58FyKJ0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c19fce2f4c8a69d253130a77af620892_JaffaCakes118

Files

c19fce2f4c8a69d253130a77af620892_JaffaCakes118
.sys windows:5 windows x86 arch:x86

f86e8fe8b263ea93ee50105a86dc4420

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPages
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
wcslen
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlCompareUnicodeString
ZwNotifyChangeKey
ZwOpenKey
ZwClose
ZwSetValueKey
ZwCreateKey
RtlQueryRegistryValues
memmove
ExAllocatePoolWithTag
RtlInitUnicodeString
_except_handler3
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
MmCreateMdl
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ