37e1863e5279a2cc30fa389037b80df1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37e1863e5279a2cc30fa389037b80df1_JaffaCakes118
Size

21KB
MD5

37e1863e5279a2cc30fa389037b80df1
SHA1

fddebd8c09f93ea52e7924b5967d6ebe91908ff0
SHA256

1ab6acd959e26b8862d04e6d3092b2c7bda44ba5fbf7eca4a14224ea220d6772
SHA512

a073d9487b96c13062c65c4d2b4ad35f389e77bd2b32e5c8c1dd208b39750df437ec0adc7c1b21df194818d44a5a4a82edaa421ef20bc082ee656a1da18b151c
SSDEEP

384:043DXOFeXJ9ZiheH/uteln0rPqSlc/67Or+6Js7G0/briG9ClvhGOMx:04LOFCtge0/lH0JqG0/bri/lMH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37e1863e5279a2cc30fa389037b80df1_JaffaCakes118

Files

37e1863e5279a2cc30fa389037b80df1_JaffaCakes118
.sys windows:5 windows x86 arch:x86

48edfb3376fe3a7ad1d0ebcecf297ab1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_allmul
MmIsNonPagedSystemAddressValid
wcslen
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
NtQuerySystemInformation

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ