Static task: static1

General
Target: 28791899ced9b504c99b3f0198b0b462_JaffaCakes118
Size: 26KB
MD5: 28791899ced9b504c99b3f0198b0b462
SHA1: f4545bf8e421d02f3ebda011c52d05bc38b49b9e
SHA256: 95d221528d9b045163e64d258766ce4b7fd8d7d653ac2a977caf236adf3181b4
SHA512: 7e8e9cc8ca430bd77d09ca4db55a6710f4d6f50146ded6c504eed5315f8da60db44f7547ebde1f8f9c8dbab1dfa25225a09e14dbd88874794ff0b31350dff17e
SSDEEP: 192:XFvpF0JTbt1Am1bPvwvZc4mRYHyvgNrUfW3Q8/3G+6D0+bv3vvcGnsbsQrDl+fc0:X1uKH/3x69hILgNiidMhq4K
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 28791899ced9b504c99b3f0198b0b462_JaffaCakes118

Files
28791899ced9b504c99b3f0198b0b462_JaffaCakes118.sys (windows:4, windows, x86, arch:x86)
cce4c0c7eda1fcfaad859e6e2af88431
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
_wcslwr
wcsncpy
PsGetVersion
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwClose
ZwOpenKey
RtlInitUnicodeString
IoRegisterDriverReinitialization
swprintf
RtlFreeUnicodeString
KeDelayExecutionThread
wcslen
ZwCreateKey
wcscat
wcscpy
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 666B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ