3cedc53ab2b48eee6ca22a7e1add7317_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cedc53ab2b48eee6ca22a7e1add7317_JaffaCakes118
Size

242KB
MD5

3cedc53ab2b48eee6ca22a7e1add7317
SHA1

3b4629dfc013fbf9992d57ad422bfc11c2f3aa2e
SHA256

69a6cdc8311718641a1369cc1687620bc69c73923a3dbfaa08ad1d4f34ad1a8c
SHA512

c9955b2eca178d9f0b8632bd0a7074092d41a772e41cee48655e7515939a2568856378c2696aae84e8e1ecd9349ae7d9e44161b8245663d4ddc324a6bf169440
SSDEEP

6144:mqkqDlszwSfSThxHzEsFzbtCC3nk2xP2hMlS2bv88pvZ:mqhufSXzEsFzbtCCXhxzlrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cedc53ab2b48eee6ca22a7e1add7317_JaffaCakes118

Files

3cedc53ab2b48eee6ca22a7e1add7317_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ba04957d57466bac2dfca14138f29cb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePool
_except_handler3
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitUnicodeString
PsTerminateSystemThread
PsCreateSystemThread

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 762B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE