Static task
static1
General
Target
055a7be776c40bbbbe6e3c92fd861459_JaffaCakes118
Size
41KB
MD5
055a7be776c40bbbbe6e3c92fd861459
SHA1
17a9c0d02941e9f77a2410b08316526d97fc858b
SHA256
78822714c8923079ef19e7334b0a548c5f2b344ba82bc51128f63c6753f203f1
SHA512
de1136b03dabe2e51e2f8d59081c035bab5e3b6dd1abd62920438b15aea67d1854842d127f105cf5b79e045ec03c4f5606834c321c1379bc728c4910f402fce9
SSDEEP
768:13CyLrOLOoWk2ZtBIMAKqvlqHX5aRrZ2YYxF9F8xG29:NCyLqTW4dOI3FYT9if9
Malware Config
Signatures
Unsigned PE 1 IoCs
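Checks for a missing Authenticode signature; the file listed below carries none, so its publisher and integrity cannot be verified from a signature.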
resource 055a7be776c40bbbbe6e3c92fd861459_JaffaCakes118
Files
055a7be776c40bbbbe6e3c92fd861459_JaffaCakes118.sys windows:5 windows x86 arch:x86
8d2c75b59fbc110ed4e7c57dd3b90e62
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitAnsiString
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
MmIsNonPagedSystemAddressValid
RtlAppendUnicodeToString
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 256B - Virtual size: 248B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ