eb5e2ec436bf523b85ed60e1ec9875ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb5e2ec436bf523b85ed60e1ec9875ae_JaffaCakes118
Size

22KB
MD5

eb5e2ec436bf523b85ed60e1ec9875ae
SHA1

a59238a6fe38e079b3e0a9f609e102cf280bb33c
SHA256

beaf16e88d922751356715505c94b32b9cbcf42d7ed4a5fcc6f09f838216669f
SHA512

e72748becd9a56b8503c65a529a2b907856499a88662aa3462aaaebba7c4778a8b15ca4362fc4be81d847bdd0a84b1be470322a0497baa2e36542a4112af44d8
SSDEEP

384:8WpdvFpESf2cI62N4/FgQyJw9Jwbo/YLuhotMX5S8TwAkg:8WvvFGSecIJuyeuow/6Xt0ng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb5e2ec436bf523b85ed60e1ec9875ae_JaffaCakes118

Files

eb5e2ec436bf523b85ed60e1ec9875ae_JaffaCakes118
.sys windows:5 windows x86 arch:x86

55f01a2f5037ec43ba55155ff660f25a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitAnsiString
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
RtlValidRelativeSecurityDescriptor
IoBuildDeviceIoControlRequest

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 253B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ