Static task
static1
General
Target
534d6a22489ceda79a02f35ad39fe670_JaffaCakes118
Size
36KB
MD5
534d6a22489ceda79a02f35ad39fe670
SHA1
20a135288d92292ef64c4314f07481af943cc63e
SHA256
123e67845e71d75752db09f4ed75f57654b20210c84c8863064c0971d5908d16
SHA512
215486bd277f373ebf1fdbfa34b6910f42572d6e60f0e39aa8f449e1c66e24fa7ec813296710c68f85c1ff8c1f7f374b22027b003d64831c2f0dd165a564575f
SSDEEP
768:qQ579sHOiIvrLU8jhbzaG9yt1QUjk2rZuW4bfBCf9V+x:qs9yqRA1QIL4W4b6V+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 534d6a22489ceda79a02f35ad39fe670_JaffaCakes118
Files
534d6a22489ceda79a02f35ad39fe670_JaffaCakes118.sys windows:5 windows x86 arch:x86
ac694e00a2633d6bf820fd81450354a7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlCompareUnicodeString
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
memset
ExAllocatePoolWithTag
ExFreePool
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 294B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ