Static task
static1
General
Target
56cdd11249080144db28772243c635d4_JaffaCakes118
Size
12KB
MD5
56cdd11249080144db28772243c635d4
SHA1
bc74827215669974905bc3a8e77897fce453780f
SHA256
06cfaabcbb7bedbfe2d0db8036f0771c335232ca3e2369a9d9fc216312abf070
SHA512
ca2efb5f33683d20b97da918ecdcf2ebdef0c55d62956ec3f2c2b2ea75e889d45d3dc4fd4d83444f0234a7cd7ca947c145126afa87e34f47392cb78afb357e2b
SSDEEP
384:eCwuzkm0RwIB1F1y0QfyCiUxeTVDy5CwQe:eqzk/1H3ygCT4m5HZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56cdd11249080144db28772243c635d4_JaffaCakes118
Files
56cdd11249080144db28772243c635d4_JaffaCakes118.sys windows:4 windows x86 arch:x86
9b9bfa1a1920560f1ed583a482c31449
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
DbgBreakPoint
ExAllocatePool
ExAllocatePoolWithTag
ExFreePool
KdDisableDebugger
KdEnableDebugger
KeBugCheckEx
KeWaitForSingleObject
MmGetSystemRoutineAddress
MmMapIoSpace
MmUnmapIoSpace
memmove
KeServiceDescriptorTable
DbgPrint
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 224B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 378B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 814B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ