Static task
static1
General
-
Target
d9c57b232f104c3629a106e7eb1a13b7_JaffaCakes118
-
Size
27KB
-
MD5
d9c57b232f104c3629a106e7eb1a13b7
-
SHA1
0e6c91d10f3552bb20faf8c67d86f35f2d02ffbb
-
SHA256
1a8b03707f48fa005cbbb9f80884c71616db56334e960fefcdee052612d2445e
-
SHA512
daa7b675803bd713a0bac6062db8b20fb2fcd7cd0a4b7bca9f31e6174f678837c22dd5f313821f068b03fb91fd7f90e02cbd19ce00e7807f53edc83dd70ccb1c
-
SSDEEP
384:Xj7dlC13bv6i1aHk93Ku7nLa3SlH40plEIUnZV4644RyHSO7Q2:Xj7dlC1F9BPai1LAE4uSx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
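The sample is a PE file with no Authenticode signature, so its publisher and integrity cannot be verified from a signature. The file is named as a kernel driver (.sys) and imports only from ntoskrnl.exe.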
resource d9c57b232f104c3629a106e7eb1a13b7_JaffaCakes118
Files
-
d9c57b232f104c3629a106e7eb1a13b7_JaffaCakes118.sys windows:4 windows x86 arch:x86
002f97af33872cddbe82ca03e3669f6a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
swprintf
wcslen
RtlInitUnicodeString
wcscat
wcscpy
_wcsnicmp
RtlCopyUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
_stricmp
strncpy
strncmp
_strnicmp
MmIsAddressValid
_except_handler3
MmGetSystemRoutineAddress
ZwClose
ZwQueryValueKey
ZwOpenKey
IofCompleteRequest
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 888B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ