Static task
static1
General
Target: 071b8f36e8ff71dc27958cf199cfdb5f_JaffaCakes118
Size: 27KB
MD5: 071b8f36e8ff71dc27958cf199cfdb5f
SHA1: a6fb404de9a090f5dd29abc81212ef72d7e33bc5
SHA256: bc763c9dda613cf5930c45c4f22b696937f48ce84702c6f26551cdabdcf1ba80
SHA512: b24ded15990707ff135979f2b1c2eff94b07989652a6dc86ef4030f592ccb3a05aed00cef332bef084cff39cd584b55f8a14c2858cc716b165d64cabdfe7aba8
SSDEEP: 384:W/kwv66V9x3xg5iSmyOiHLkdNjzYfTkaEa9sqtzrfPA:cOkbRtLdlUIjcn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 071b8f36e8ff71dc27958cf199cfdb5f_JaffaCakes118
Files
071b8f36e8ff71dc27958cf199cfdb5f_JaffaCakes118.sys windows:5 windows x86 arch:x86
0d54263fcd25f135f8a7830f33ff466e
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  IoWMIQueryAllDataMultiple
  MmSizeOfMdl
  IoGetDeviceInterfaceAlias
  IoWMIQuerySingleInstanceMultiple
  wcslen
  KeQueryTimeIncrement
Sections
.text Size: 23KB - Virtual size: 23KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 28B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 218B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 34B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ