Static task
static1
General
-
Target
3e3e068ca68f8aab4c8dad88c0d065b5_JaffaCakes118
-
Size
26KB
-
MD5
3e3e068ca68f8aab4c8dad88c0d065b5
-
SHA1
d0db1d768378e9afa09b1e2e3296882e8fd77505
-
SHA256
0a9b5bba183f5764561165c473f7a0366ba5730e1fcb44d48f3ca4a2c70a337d
-
SHA512
d994e234246e625927bf7273790725c08ee90d38e73961fdf6f9b864b771d71fd9644d65efb423476fe4c3adb33129cdd829e8bf74bcebf1f69298099314bda2
-
SSDEEP
768:+9d1dSJrFzY94KWV0fr8SIyLTLWnfpW7Ot3:+9d1dSJeaKWA4kL2nfpcOt
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE file carries no Authenticode signature. On its own this is a low-confidence indicator, since many benign binaries are also unsigned.
resource: 3e3e068ca68f8aab4c8dad88c0d065b5_JaffaCakes118
Files
-
3e3e068ca68f8aab4c8dad88c0d065b5_JaffaCakes118.sys windows:4 windows x86 arch:x86
96de31b718dcd0a2b68b094269f1eb18
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
_strnicmp
strncmp
MmIsAddressValid
wcslen
swprintf
wcscat
wcscpy
ZwClose
ZwOpenKey
RtlAnsiStringToUnicodeString
_except_handler3
_stricmp
strncpy
_wcsnicmp
IofCompleteRequest
RtlCopyUnicodeString
ObfDereferenceObject
_itow
ExFreePool
_snprintf
ExAllocatePoolWithTag
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 866B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ