Static task
static1
General
Target
d236ead5028df0d40010e605bb136e65_JaffaCakes118
Size
28KB
MD5
d236ead5028df0d40010e605bb136e65
SHA1
1ca411657fa06d8fb3431bebb6d2a894568cc41f
SHA256
09fefd0fd7b45372513edc263e5ece1f8ca4900d6385542cf891664565ff7298
SHA512
83ef3a60ed335f8a5d71a7e934b44181c628aebab9ff04e2b9960a6e169b616cb05acb9e71d82a2ad8a7d49c90ae993ad2d66bfd4a5a820e5682fbd811d66555
SSDEEP
384:ysuGfB9SSZx+siNJa4ltTzMwo1AfnhuaopLyESZUcAConZOzV:yPGjnZx3qa4/TBfhRopLymcCZOzV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d236ead5028df0d40010e605bb136e65_JaffaCakes118
Files
d236ead5028df0d40010e605bb136e65_JaffaCakes118.sys windows:5 windows x86 arch:x86
234d3cdf13c127268297cdc1db6af6b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ObAssignSecurity
MmGetSystemRoutineAddress
ExFreePoolWithTag
IoFreeIrp
ExAllocatePoolWithTag
IoAttachDevice
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 256B - Virtual size: 228B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 30B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ