Static task
static1
General
Target
299d04d4c2d24282b214c8836990c454_JaffaCakes118
Size
27KB
MD5
299d04d4c2d24282b214c8836990c454
SHA1
cac527b74993dc85fde8ad698241f641f96190e9
SHA256
a60fa9e891ca0bce1872678b20a19a1f2395cf22e25be0a8db3825a309b2852b
SHA512
289473bd206ff6a5e106a43a8f9947506004779011e79f924a745b04ef157704ff8b78f179dc415860eb529172895fdf1306e246a0eff41558e72eebfb1b6848
SSDEEP
384:LayS0HDSmT2kpmRqcYMWqv3gEC2XekGBYcVezb4UEceOscgd/EVp49iKj4v:LT2HT193gMyZefjPgd8Vp4QaI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 299d04d4c2d24282b214c8836990c454_JaffaCakes118
Files
299d04d4c2d24282b214c8836990c454_JaffaCakes118.sys windows:4 windows x86 arch:x86
02fb40f2c5e6e093faa58d2c3d1ba845
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
_strnicmp
wcslen
wcscat
wcscpy
RtlInitUnicodeString
_except_handler3
swprintf
_stricmp
strncpy
_wcsnicmp
MmGetSystemRoutineAddress
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwClose
ZwQueryValueKey
ZwOpenKey
ObfDereferenceObject
RtlCopyUnicodeString
IofCompleteRequest
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 968B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ