db59702a7da1ac0f901d67028f3e2283_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db59702a7da1ac0f901d67028f3e2283_JaffaCakes118
Size

40KB
MD5

db59702a7da1ac0f901d67028f3e2283
SHA1

24bc8c64802e691769e202cca661833e77ab3c92
SHA256

7ddf9058e1ee9e221ac9ed5808d1eead1b249dc700cf4d912d9605769a9e0810
SHA512

46c3a4cdd24bf09f1f86743b78bc38a10eb0406487bc9d36fe400657529e2ed49566a371e45567c926e94b4c4867cd065e3f1db813137bc3c1d9c519e45a7b22
SSDEEP

768:p+7RQLuTMFQlrsm9UltE19c4d9qLO/fUA+paFMQ29a:p+CLoHxUI8C9OO/hMQ29a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db59702a7da1ac0f901d67028f3e2283_JaffaCakes118

Files

db59702a7da1ac0f901d67028f3e2283_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ad00e5404ad2676fe1f45ef170eaa5c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlWalkFrameChain
MmGetSystemRoutineAddress
RtlInitAnsiString
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
MmIsNonPagedSystemAddressValid

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ