f9eb791df724e3700ab58a9abaa9c75b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9eb791df724e3700ab58a9abaa9c75b_JaffaCakes118
Size

61KB
MD5

f9eb791df724e3700ab58a9abaa9c75b
SHA1

74e73775d7d4530884d99f7bf3ef74b7b649c172
SHA256

9da356462ca702d956e8cb6e2debec15a1aa91d2786a552582eb05e4f7dd3ad2
SHA512

6a427c37300f950dd887198732a5c55468da6c0b816d40864cc242cddc9e39cc776e8ccb9042c2ee3752967d588bdd1c33e527f965b38afaa8dcea818e437c88
SSDEEP

768:8oMwHvouBstjdA11l116LkzALzOLwFi/kj+Oz05a/AudKkMK:U7u2jdizALddK/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9eb791df724e3700ab58a9abaa9c75b_JaffaCakes118

Files

f9eb791df724e3700ab58a9abaa9c75b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

57a5d077bf5003557cfe70a3f44063f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoDeleteSymbolicLink
DbgPrint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoGetCurrentProcess
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
atoi
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
_strnicmp
ObfDereferenceObject
ObQueryNameString
ZwClose
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitAnsiString
MmGetSystemRoutineAddress

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 736B - Virtual size: 706B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ