Static task
static1
General
Target: cebe9ed7b698a80bea68d09e848fd3b7_JaffaCakes118
Size: 30KB
MD5: cebe9ed7b698a80bea68d09e848fd3b7
SHA1: ce37c293a33e00ecb7fc81c06cc4944d6cc580c5
SHA256: 5099fa0de7014e99de2842bb7e1e8e02f67ca15b72a615cfb49788605f46eef6
SHA512: b731a08dae42dfb0c13a897d3e1923a9aa310babc65de94f6f9fb3b6c4b8681d65c91604990a678086b574f2b4b1b951a472ab24978670b558a68d41d63426ce
SSDEEP: 768:apps2B2cKYJIVFmX8U0xK7lOwFjnIc/ui6CnoBFv4D7Ei4FJ:appnBBJ8FmX8U0KHIcGi7+Fv4DIJF
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: cebe9ed7b698a80bea68d09e848fd3b7_JaffaCakes118
Files
cebe9ed7b698a80bea68d09e848fd3b7_JaffaCakes118.sys windows:4 windows x86 arch:x86
c0cc0dfa77314923c9bedc489a28e9ce
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
swprintf
ZwMapViewOfSection
ZwCreateSection
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsGetVersion
_wcsnicmp
wcslen
ExFreePool
ExAllocatePoolWithTag
strncmp
strncpy
_snprintf
_stricmp
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_except_handler3
ObfDereferenceObject
ObQueryNameString
RtlCopyUnicodeString
ZwUnmapViewOfSection
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 550B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ