Static task
static1
General
Target: c099c2c5cc53567bca6f830b51667ffb_JaffaCakes118
Size: 21KB
MD5: c099c2c5cc53567bca6f830b51667ffb
SHA1: 393ab282cb942cace74f32b2a007834c76482aee
SHA256: 7c29df90f639b1a89f9709bc878e8c72f4bea34861946d195f99c814ecf3f9ae
SHA512: eb3e92dbe72f2ce527b34cb368ba71ac8e303b5db6193b0d4fd744df212ca2be36dc9b93f3eec20b1d3ddabb77504b46a1e54a7746d2311d85613ca81eed2dd8
SSDEEP: 384:P29kxFT7DU8sPEEu75ytZV+7bMW0RwU4CfNUf4oHmQ5BegMPpCFS+:ckbc1utytZV+7gXRpCf4URM0FS+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c099c2c5cc53567bca6f830b51667ffb_JaffaCakes118
Files
c099c2c5cc53567bca6f830b51667ffb_JaffaCakes118.sys windows:4 windows x86 arch:x86
a9533434ee7e3fad24f8d90896a754c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
CcUnpinData
towupper
RtlIntegerToUnicodeString
RtlGetSaclSecurityDescriptor
WRITE_REGISTER_ULONG
ExFreePool
DbgPrint
ZwQueryInformationProcess
ObQueryNameString
IoBuildAsynchronousFsdRequest
RtlFillMemoryUlong
RtlCustomCPToUnicodeN
PsChargePoolQuota
InterlockedIncrement
ZwSaveKey
IoGetInitialStack
ExSystemExceptionFilter
FsRtlAreNamesEqual
MmIsNonPagedSystemAddressValid
ZwDuplicateObject
RtlFindMessage
ZwQueryInformationFile
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ILIT Size: 1024B - Virtual size: 614B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 485B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ