df87996a7bbba29de3f7d96359e67613_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df87996a7bbba29de3f7d96359e67613_JaffaCakes118
Size

10KB
MD5

df87996a7bbba29de3f7d96359e67613
SHA1

680bc322d8ad42592487377830647df704c96f37
SHA256

8866febf7ecf8604b09687b1d2a9babc2825d40f15d0063e4c5223037fead8bf
SHA512

d572b6cdcb69570e65efe52fd1bb8bac1499ef2497319ae3ff9241adcd1bdfbda8123d390091bb430c43bc2992d9bf36093528f63d88fcc4e25def512dcd127f
SSDEEP

192:p1LnTnXvhT5lIWdb88L/KnBmDDVBSHXNB1BiBC3prKgAiSvVJag1b2ea:T7TXva/nMDDVONHsKrQjag1H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df87996a7bbba29de3f7d96359e67613_JaffaCakes118

Files

df87996a7bbba29de3f7d96359e67613_JaffaCakes118
.sys windows:6 windows x86 arch:x86

2ce86d64078efc0b8cbcb3a2162c59b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\works\sys\sysldr\free\i386\SysLdr.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
RtlZeroMemory
RtlMoveMemory
ExAllocatePoolWithTag

Sections

.rdata
Size: 256B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 63B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

SysPack
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE