Static task
static1
General
Target: 050834c309084803ff6071c08e66f5d2_JaffaCakes118
Size: 7KB
MD5: 050834c309084803ff6071c08e66f5d2
SHA1: 0e1f95c5a0c100bd654221162b792c872be04c7a
SHA256: b3ba22d1b94732793c9483f1906d2b388d1b747a6ce64b9fcd9015a8e52a06f1
SHA512: 328e32d7e4fb664115f1341256bcb4282cc7617e2f3b72ff11c2f3117c827ec15a6bf26d1c0dd7f6009ab9b1d26e20422e90a89c889a0e0b172865e6809324b5
SSDEEP: 192:EefLkN3l2JsXTSFSSXHlsdaUkexEqdf27x7QbE:PLkN3sJl3P3W
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 050834c309084803ff6071c08e66f5d2_JaffaCakes118
Files
050834c309084803ff6071c08e66f5d2_JaffaCakes118.sys windows:4 windows x86 arch:x86
37d7d43d8af67d691484420536d9ce54
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ndis.sys
NdisGetCurrentSystemTime
NdisRegisterProtocol
ntoskrnl.exe
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
MmIsAddressValid
IoGetCurrentProcess
PsLookupProcessByProcessId
ObDereferenceObject
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
PsGetCurrentProcessId
IoCreateFile
IofCallDriver
ZwAllocateVirtualMemory
RtlCompareUnicodeString
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 594B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 592B - Virtual size: 586B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ