159cc0b8c7d4f2debc615c6fd6fcca6e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

159cc0b8c7d4f2debc615c6fd6fcca6e_JaffaCakes118
Size

25KB
MD5

159cc0b8c7d4f2debc615c6fd6fcca6e
SHA1

4b42d364318d75e29070726f34fc63f080823796
SHA256

73af902cbf25d6d809840f8bbc98811c13b14c3661a0494db2b215202647e920
SHA512

14eb4c235041b94ffcbec02450ad46d3a82dc7df67388bedbba32507e3574841070dc496e414de309263a00b4beb3e3f966447f4fe2844fb0068564f61f35221
SSDEEP

768:w5aPXQ+m9uNDI/R4/d+Vb9Ww9D9BgSHFC8frIK6xT7ATv:5Q+m9uxI/R4/d+1sgD91HFC8DFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
159cc0b8c7d4f2debc615c6fd6fcca6e_JaffaCakes118

Files

159cc0b8c7d4f2debc615c6fd6fcca6e_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7f92a8b60052fa86d7c710c082578933

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcscpy
ZwEnumerateKey
wcscat
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
_strnicmp
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsncmp
towlower

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ