31f3a043d7429a02e3892cb90791af7b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31f3a043d7429a02e3892cb90791af7b_JaffaCakes118
Size

130KB
MD5

31f3a043d7429a02e3892cb90791af7b
SHA1

60ec27857e88d38b4b1dd1e288443f598192f5f2
SHA256

4e8bdb4c9ef6c3633cfa3ccaae8258ccaba2217834b1a582adc1fc26c35bfd14
SHA512

9279ff1dda57df25305b70e5cfe40c645584bec9e2e37f717a98a34a7b2f04d47e31da8f52557c1e5f5a13bd04269de59f42b0541a7bf2c20bf87edd72b525d4
SSDEEP

3072:q1YhEwEKDqYg6YrIA5Pyip50nGY8pRffpwAR:q1o0KDVFc5aip50nGfcA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31f3a043d7429a02e3892cb90791af7b_JaffaCakes118

Files

31f3a043d7429a02e3892cb90791af7b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3f82fbc608bef40ca851b7d291adefe9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strlen
ZwClose
ZwWriteFile
ZwCreateFile
RtlInitUnicodeString
strncmp
PsGetProcessImageFileName
PsLookupProcessByProcessId
ZwSetValueKey
ZwCreateKey
memset
ExAllocatePoolWithTag
memcpy
ExFreePoolWithTag
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
IoGetCurrentProcess
strncpy
IoGetRequestorProcess
_strnicmp
MmIsAddressValid
ZwOpenFile
IofCompleteRequest

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 586B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ