082ff7f10dcd12e44f1e4b55807b26be_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

082ff7f10dcd12e44f1e4b55807b26be_JaffaCakes118
Size

27KB
MD5

082ff7f10dcd12e44f1e4b55807b26be
SHA1

08973819ecfffc6207d85e1d653d8dac39f0bdb1
SHA256

b7db71725e711211fe1b69691d5994e4a2ed11cdebcfe5460fdb89ba53db3592
SHA512

cabb185fbdb47a9dd163cff57e7a0fdf96ee6cd35a0d7d31caec2f2fd739d2afc6b112406587fb2730902b5aab66d593a6af26c83241b351262e049a39b89387
SSDEEP

384:6x25+L2xwKoNVXRWMnDVIf+H0VwKZI5tna4l0/mG8eTL0tj3LXCWBb8FT:6xa6vNzWWDVIAKZIDa248eTLSH6FT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
082ff7f10dcd12e44f1e4b55807b26be_JaffaCakes118

Files

082ff7f10dcd12e44f1e4b55807b26be_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6ea7f9c9b1ae18e63b1a6411c817635b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
wcslen
towlower
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strncmp
strncpy
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
PsCreateSystemThread
IoRegisterDriverReinitialization
ZwDeleteValueKey
KeDelayExecutionThread
_strnicmp
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwEnumerateKey

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ