ea4291dd5f13212ce962ddaddb9d47a4_JaffaCakes118 | Triage

Sharing

General

Target

ea4291dd5f13212ce962ddaddb9d47a4_JaffaCakes118
Size

25KB
MD5

ea4291dd5f13212ce962ddaddb9d47a4
SHA1

650f3f1e80d47932502a7727badaf030c09ce718
SHA256

d573dc5a18571ca1837b878c5892a055c625599cd05920f67f60da81030d4d0c
SHA512

98f9cf5db19c313edcc1175d74d508617a5717deef3718d10a247f8f7fcc38fdb62719c2396b0f1c391416a525f804f91f53efd0ea0eecfa713dfec2a575f039
SSDEEP

768:2FG8JhicIlK8rjNTjjdwaYi4R/JMk0MlHGc7Ee76kIApxH:2FG8JgcIMuj5jjdwaBeBMk0MBGQE+6sX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea4291dd5f13212ce962ddaddb9d47a4_JaffaCakes118

Files

ea4291dd5f13212ce962ddaddb9d47a4_JaffaCakes118
.sys windows:5 windows x86 arch:x86

777a8be80aef50b02f6b5ae89ad073c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
wcsncmp
wcslen
towlower
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcscat
wcscpy
ZwEnumerateKey
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoRegisterDriverReinitialization
IofCompleteRequest
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
strncmp
strncpy
ZwDeleteValueKey

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ