084a1a0c5c05a3edf2df1c274b1fe94b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

084a1a0c5c05a3edf2df1c274b1fe94b_JaffaCakes118
Size

22KB
MD5

084a1a0c5c05a3edf2df1c274b1fe94b
SHA1

237a14427bc28343fac1e9f669ade5f6ea073fb2
SHA256

661f4b9f732486e3edb0b6b31dce9324ff369a35bb4fc75c47aef112b2fa1741
SHA512

841a350a5dd7b60bdc075de2c0e80af7489f960ffec07b212815e0e56c22cac743d10e1f5f285a2565f191f1e9a9db072b03e1a013683731809da57e1b8ad712
SSDEEP

384:SKKBwSccRhqBrb0QqOO0jNM8W/3jTupv34Pj1tt1IFaZLZNQjA/9jf90mehHXlQ:+cB9b5qL0ZM3/zTupv343t6WEjA/vehV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
084a1a0c5c05a3edf2df1c274b1fe94b_JaffaCakes118

Files

084a1a0c5c05a3edf2df1c274b1fe94b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e42e6a314d5c4136786a513e6a7234cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
_wcslwr
wcsncpy
RtlInitUnicodeString
ZwClose
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmIsAddressValid
ZwUnmapViewOfSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
wcscat
wcscpy

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 958B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ