f95b189434ee548f0441419ca77d36d7_JaffaCakes118 | Triage

Sharing

General

Target

f95b189434ee548f0441419ca77d36d7_JaffaCakes118
Size

26KB
MD5

f95b189434ee548f0441419ca77d36d7
SHA1

d1bad5694355ddcb4a94ff093e4ef75fe77fe406
SHA256

6d55ad90a54ae778250082da2e397aba28b6bf158c94f4164077547444ba30db
SHA512

20657fa0aa7fec471032845684b51b83eb11e19796850b6845d622a5fbf3247927f9d10d2d670b9ba429a00f6d2afc47d40954a5567127c72433b3267743d97e
SSDEEP

384:zDjeOoedj9pwBZUEUF0N+W5H9H/ozGQOL8k697wyhUohgD04QoBO4KW7dxJ5REZX:zmneh90N+qH9H/ozXOIjnhT4Q6hks3X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f95b189434ee548f0441419ca77d36d7_JaffaCakes118

Files

f95b189434ee548f0441419ca77d36d7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e6b2c0a2035e3ca2152e334c77a715e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcsncmp
wcslen
towlower
IofCompleteRequest
IoGetCurrentProcess
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcsstr
strncmp
strncpy
wcscat
wcscpy
ZwEnumerateKey
_strnicmp
IoRegisterDriverReinitialization
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ