Static task
static1
General
Target: 40e92d43718c63b1bb59417f4b092699_JaffaCakes118
Size: 41KB
MD5: 40e92d43718c63b1bb59417f4b092699
SHA1: e06b5cf2499ebbb4e3309a1def27155afc3b557e
SHA256: 1e45b8e01446b9f82ab6ce070e67f95e2fd7c7f068421f16a20d784935936c66
SHA512: 681612e06e4031b6100ac50745b42f9203d8db1a8da24296ddabc69d563f5ff97ab1daceda67d58a591321f65fddab672640536bce308d657eb97e703f816230
SSDEEP: 768:fhdIF3ddYd4O/eTAtEvSStyfeKPLYt0q9n1no9dtorVQQ87Z73mzP9:2dqd7/euyyTK+72rB8J3mz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 40e92d43718c63b1bb59417f4b092699_JaffaCakes118
Files
40e92d43718c63b1bb59417f4b092699_JaffaCakes118.sys windows:5 windows x86 arch:x86
457b4ba759e169e3a178a73f69bf2658
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
_except_handler3
RtlInitUnicodeString
MmIsNonPagedSystemAddressValid
IoCreateDevice
PsGetCurrentThread
wcsncpy
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 384B - Virtual size: 328B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 46B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ