Static task
static1
General
Target: d5af6aa31b8e94f4a7b0553ba0116846_JaffaCakes118
Size: 28KB
MD5: d5af6aa31b8e94f4a7b0553ba0116846
SHA1: 8f75d205554aef051d3a4bc7f5def9e1ea455908
SHA256: e5156a0c70157c6ad7f509b8e925d90e3adf272eefc5fa3e32a8e423d58c05ca
SHA512: 8f2ac6e54b2131641244cd5b37ecd8896414639a28a559b39b0e9ffca79d618cf14b41ce21a8fc88d5f048ff3f5a95398a86f1a66d4cf9832e0a02780b53ccb0
SSDEEP: 768:QPcEpUNOwGxXojtL/SESHI3eA2Qv9BO0ohNnPAb0DJk:McGUxUX0tbEAF9BO1hxAb0DC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5af6aa31b8e94f4a7b0553ba0116846_JaffaCakes118
Files
-
d5af6aa31b8e94f4a7b0553ba0116846_JaffaCakes118.sys windows:4 windows x86 arch:x86
a1a66cb7a0280b9e5a7757b285cd7240
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
ObfDereferenceObject
RtlInitUnicodeString
wcslen
wcscat
wcscpy
_strnicmp
MmGetSystemRoutineAddress
RtlCopyUnicodeString
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
_wcsnicmp
strncpy
IofCompleteRequest
_stricmp
ZwClose
ZwOpenKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 826B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ