19a96c29cec0f190357c6f55275e056a_JaffaCakes118 | Triage

Sharing

General

Target

19a96c29cec0f190357c6f55275e056a_JaffaCakes118
Size

26KB
MD5

19a96c29cec0f190357c6f55275e056a
SHA1

8cb6175a9d4d9357f1ce442687dc15ef191ce739
SHA256

607051b653d878e99b41c9d64603392c59bbfadac6086dde5c7cf91da6e944d2
SHA512

d763a43471a72df3364df0ec79e61c10ea6ad0bb7b51a1798ce27b88f3f7aae9ea66dc10fccf70dbf6f4356939d926ec83921ba229909e85ece951bdd5d1028a
SSDEEP

768:QgJawyNK7ILLftfshs6u16ccnXrNhLPN8a6FGnedaQXlty:HJ8KIPfN6u16ccnXrvLPNwYnedjlty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a96c29cec0f190357c6f55275e056a_JaffaCakes118

Files

19a96c29cec0f190357c6f55275e056a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

098f11847f87743c60e815be4262d06a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
_strnicmp
strncmp
strncpy
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
wcsstr
IofCompleteRequest

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 862B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ