Static task
static1
General
Target: 11ff2993b6ed5eea9f6bcbcb34a2f339_JaffaCakes118
Size: 29KB
MD5: 11ff2993b6ed5eea9f6bcbcb34a2f339
SHA1: 6f37829fa22de0a081fb91c8a686a4576f2f46ba
SHA256: 15353cccdb0ab1d3f5f211c5f4c552d13dc00d21b2bd84c0b4e40137cfa8370e
SHA512: 42aa8e6ef475acdb42e57ea08e5cfd86093a05189779353f7860d573c4631705d77c5b587b92e3c6309bee0f15c72857f6de6ab879bd460d4fe42c5430ac91a2
SSDEEP: 768:6ejabSuYsvN+VbsbIE8vyCS2li3kLxToxrnQdW+FT:njabS0vN+xscIEi3qox0W+FT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11ff2993b6ed5eea9f6bcbcb34a2f339_JaffaCakes118
Files
11ff2993b6ed5eea9f6bcbcb34a2f339_JaffaCakes118.sys windows:4 windows x86 arch:x86
244698ee318aa9ec9e8d10e2c3b15be4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscat
wcscpy
swprintf
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
_strnicmp
ObfDereferenceObject
strncpy
wcslen
MmGetSystemRoutineAddress
strncmp
_wcsnicmp
_stricmp
RtlCopyUnicodeString
ZwClose
ZwOpenKey
RtlAnsiStringToUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 708B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ