0425b14ba2af4d9ecf9be02dcfd562c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0425b14ba2af4d9ecf9be02dcfd562c4_JaffaCakes118
Size

26KB
MD5

0425b14ba2af4d9ecf9be02dcfd562c4
SHA1

83a2700cdf7a8e54444820f3797d0aa476d701c5
SHA256

08c0202283e7abd3f0deda46a8b2c1b483707957f540141ae6c32b0449ae5bc2
SHA512

30ec8982e157de78b09c16d551d81457c21620347ef7758958ead2eabbaab860c3898c87e52670d9bccc30bf58affaf265705f2164bab1e4cda545bf26f2f2ed
SSDEEP

768:oDIG7VrOY+ZhDmU0HW1wIufxV8WAex5NG10M4pVgNGukjj8ijhhv+zoJgddgsO8S:oDI0Vl0pmUH1wIKLQkj+asO8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0425b14ba2af4d9ecf9be02dcfd562c4_JaffaCakes118

Files

0425b14ba2af4d9ecf9be02dcfd562c4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

26b29800ac951653a16b58387838079d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwCreateFile
RtlInitUnicodeString
isdigit
IoRegisterDriverReinitialization
isupper
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
atol
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
srand
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isxdigit
PsGetVersion
DbgPrint
isspace
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
_wcsnicmp
wcslen
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strstr
ZwCreateKey
wcscat
wcscpy
islower
atoi

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ