deb7da86e6ffbd6877122c548cb36b34_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

deb7da86e6ffbd6877122c548cb36b34_JaffaCakes118
Size

21KB
MD5

deb7da86e6ffbd6877122c548cb36b34
SHA1

e3ae00b4ef8764554105ac632f1766cac19cdb55
SHA256

ba95284d75b45214161e41da910dceb9a505f77fe8370be206ac5a2c89e5f0be
SHA512

1e9a14c7f619b10a149d044b6bac26a7decee86a6c8df43d5472a085292e176c7424281268ad6c48b7ce398f5a6cf59f0445db9adc750ebd14461c74534955af
SSDEEP

192:N49xIX7b6ckUZ7eih0BVn80bkFjlCK5XapVbl6zDp0xVKrKntWfdpvh0CPnAbHWn:XZbSS0bkPCfpV5xsKntWXhN4zW5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deb7da86e6ffbd6877122c548cb36b34_JaffaCakes118

Files

deb7da86e6ffbd6877122c548cb36b34_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7ef8a8cac7fcacf1a9cf4bb532fd5ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlValidRelativeSecurityDescriptor
MmGetSystemRoutineAddress
RtlEqualSid
ExAllocatePoolWithTag

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 235B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ