Static task
static1
General
Target: d10fb6ad9efd3dece31bb0bef779d523_JaffaCakes118
Size: 135KB
MD5: d10fb6ad9efd3dece31bb0bef779d523
SHA1: 28ff564c6c7730aaa54776b36791b6fa990df12e
SHA256: 2f7e5fd45446e641e7efec41f51a0d6de21315057ef4fbecb649788b3d847176
SHA512: f7121017623799dfb7f1eff783506fd8d3567ad4a2c2d2757327331fdf6d2cd9fd31d6138e74978d791af8ff2a22824692053c2400edf51f0d226fd6f36b5706
SSDEEP: 3072:LuoEKdbLu9g/eRC/01bEog0OOlReNBV+xymj:LulSHu9g2pbE/nOlRe3Vkymj
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d10fb6ad9efd3dece31bb0bef779d523_JaffaCakes118
Files
d10fb6ad9efd3dece31bb0bef779d523_JaffaCakes118.sys windows:4 windows x86 arch:x86
7cea35e523df81debc5bd8a8cebe2a6b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
MmMapLockedPagesSpecifyCache
KeQueryTimeIncrement
strstr
RtlAnsiCharToUnicodeChar
KeTickCount
ExAllocatePoolWithTag
KeBugCheckEx
ObfReferenceObject
strncpy
DbgPrint
wcsncpy
ZwCreateEvent
Sections
.text Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ