Static task
static1
General
-
Target
162c1c675831411cc35839392cfa69f9_JaffaCakes118
-
Size
29KB
-
MD5
162c1c675831411cc35839392cfa69f9
-
SHA1
462be886cc3f15a7b1c6731245b5671484ac0e6a
-
SHA256
e25dcedd389b8061dafd3c17b299680aa062abc26bc71f3d8a634fee58144182
-
SHA512
de1c19e505166a4039965be1b3ce9da7d1c6ff5ea7d4afb30f8ee624ef5341159a92306c2e92a24b877abedb33f95f80324d124bdf143b139b6b5c7c7a10c85f
-
SSDEEP
768:DeSMFw+BMy+zLWJyv1uHh1GZ2PV5hxDSC:a5x+zLP1uHhgZIVvxOC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
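Checks for a missing Authenticode signature: the PE file listed below carries no embedded signature. A static check of the file alone cannot see catalog signatures, so "unsigned" here means only that no signature is embedded in the file.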
resource 162c1c675831411cc35839392cfa69f9_JaffaCakes118
Files
-
162c1c675831411cc35839392cfa69f9_JaffaCakes118.sys windows:4 windows x86 arch:x86
fe223a8921efc9eda3aa04c075a69b33
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscat
wcscpy
swprintf
RtlInitUnicodeString
strncpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
_stricmp
_strnicmp
RtlAnsiStringToUnicodeString
ObfDereferenceObject
strncmp
MmGetSystemRoutineAddress
wcslen
RtlCopyUnicodeString
ZwClose
ZwOpenKey
_wcsnicmp
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 784B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ