eb252573ed331b701b8bc9547ae07375_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb252573ed331b701b8bc9547ae07375_JaffaCakes118
Size

25KB
MD5

eb252573ed331b701b8bc9547ae07375
SHA1

0abe4d2f184d24657b507cc2041334d5cee93454
SHA256

d06b25e3b9b655282967c6735bf7b825f14157123e378d50baa394d484f7ab26
SHA512

2ec00d62ed5cc4fc4f4953e3724836b725bf3148549f46544ea03cbdee0a1bdd2552e0ba88402578f52fc6a58491b67285e720e48e042bdf788785b4903186e7
SSDEEP

768:uxFKblmJsp+LsEpMK67px3+hYcBZkPAgvkTSVaI/WPa82WT0gAO39VNc4nyOHsbe:uxelmJsp+LsEpMK67px+PBZkPAgvkTSY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb252573ed331b701b8bc9547ae07375_JaffaCakes118

Files

eb252573ed331b701b8bc9547ae07375_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9d4df1b67c77921fe648d6ce18409265

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcsncmp
wcslen
towlower
wcsstr
_strnicmp
wcscat
wcscpy
ZwEnumerateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
IoRegisterDriverReinitialization
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ZwDeleteValueKey
KeDelayExecutionThread
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ