Static task
static1
General
Target: ea3c135497fe906885fa7776c5038a5a_JaffaCakes118
Size: 28KB
MD5: ea3c135497fe906885fa7776c5038a5a
SHA1: 762b379fb60620465ab960e9a18b96bf997ea18c
SHA256: 2ecfff56e5ddb89381e2dd628065912d5da957d84df2c1ca0b05ff37ac6fa2e2
SHA512: 6357acff315b11e24c7d12fafeb95cf9381f05a91836cb4156789c3bef5f112d5b56b868e3a20283bc5b1c44f21628f711b5afb7aef10d06aad409b4b6f54d10
SSDEEP: 768:4hb+aNUsAO69FI+cSzK3XZ8pg3RxzHwLZt8GlbGbYwaq419ZkQ:4cau/tcQwJT3R1QLZVxeGqU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea3c135497fe906885fa7776c5038a5a_JaffaCakes118
Files
ea3c135497fe906885fa7776c5038a5a_JaffaCakes118.sys windows:4 windows x86 arch:x86
c6066578bb3e3ccef9b2d6675442b4ec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyUnicodeString
RtlInitUnicodeString
_stricmp
strncpy
MmGetSystemRoutineAddress
_wcsnicmp
wcslen
wcscat
wcscpy
ObfDereferenceObject
swprintf
_strnicmp
IofCompleteRequest
ZwClose
ZwOpenKey
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 806B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ