Static task
static1
General
Target
dceb8075be1436f3211a3428a629be7c_JaffaCakes118
Size
27KB
MD5
dceb8075be1436f3211a3428a629be7c
SHA1
2fc161c5333f082cedcc5ba001b9fbdd72b61d99
SHA256
d7ad4b759dceb659add4c330c188eaecec92de96022c5a92a66b0cc5b216316f
SHA512
6b72e9e6732e646e8be290a82bfa2ce5b3007b00b26ac74cf6281134fd64c48dceff7d10fa1d95ee9fab011c2cf3dd1a5fa28527a8730b976864132fbc48829f
SSDEEP
384:qPJHxnnyIghNCSufKlVGkQA35lx55mRAo6SnOdu4Y5F:OXfLXfK8Ul5qH6SnJ40
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dceb8075be1436f3211a3428a629be7c_JaffaCakes118
Files
dceb8075be1436f3211a3428a629be7c_JaffaCakes118.sys windows:4 windows x86 arch:x86
c623930f0396ca52c5fbd0b07ac9765d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
MmGetSystemRoutineAddress
swprintf
MmIsAddressValid
wcscat
wcscpy
_stricmp
strncpy
ZwUnmapViewOfSection
IoGetCurrentProcess
_strnicmp
RtlCompareUnicodeString
RtlCopyUnicodeString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ObQueryNameString
strncmp
wcslen
_wcsnicmp
_except_handler3
IofCompleteRequest
_snprintf
ZwQuerySystemInformation
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 732B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ