Static task
static1
General
Target: 15e816f5c483574422ae674428daf43d_JaffaCakes118
Size: 12KB
MD5: 15e816f5c483574422ae674428daf43d
SHA1: 24be17d1106bace3e5c823ff862452bcbbc34118
SHA256: ea3040a039f9c82540b2dedc220810dd6df1ed4b02f1ddcf23e4590a7c490f7f
SHA512: 1631405eae3f4166893abfe8768456b19e901eefd2328825717c47145c2eb84724b9b7f488fa4cd9e8a4a8f773ba93f50fd89c6f2da18abe668d37e3bf696bb3
SSDEEP: 192:exTtM6a8m+ZqU6RWuDT12w1Q6s8V8RerNqTxm7x7rBMjmFloGeQvC:exTtMt8mOqjRFT13U8UZodWieQq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15e816f5c483574422ae674428daf43d_JaffaCakes118
Files
15e816f5c483574422ae674428daf43d_JaffaCakes118.sys windows:4 windows x86 arch:x86
a5483f910e956cce64f19d16f7488d00
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
DbgBreakPoint
ExAllocatePool
ExAllocatePoolWithTag
ExFreePool
KdDisableDebugger
KdEnableDebugger
KeBugCheckEx
KeWaitForMultipleObjects
KeWaitForSingleObject
MmGetSystemRoutineAddress
MmMapIoSpace
MmUnmapIoSpace
KeServiceDescriptorTable
DbgPrint
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 224B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 416B - Virtual size: 396B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ