3e070f07eb2b73ec7be3425c48015f8d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e070f07eb2b73ec7be3425c48015f8d_JaffaCakes118
Size

27KB
MD5

3e070f07eb2b73ec7be3425c48015f8d
SHA1

b6ca2504ebbc1dcda413ee4db2835f48b7e186c0
SHA256

56679b0036899d7f61fd144b56540c4622d13bace213b1427fa25ca88e73daf9
SHA512

70f3fad3355f57f2d7987763f5ab0329ed1020fa138c09a10140f8d7fb82728e2b2572bd52b45f05dba8c47ede32b3118a1664a495068780ba5e71c3d3a72a37
SSDEEP

768:i5Pg2AUMAEYIyUj8IITrcHYZvQ5pYr9w6N3RHB2kRM18EPzaOQIZ:wg2LfTLUj8IITrcHYZY5pYr9w6N3Rh21

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e070f07eb2b73ec7be3425c48015f8d_JaffaCakes118

Files

3e070f07eb2b73ec7be3425c48015f8d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4fc91d81397ef4d4c517ef403a690467

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcscat
wcscpy
ZwEnumerateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_strnicmp
wcsncmp
wcslen
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
KeDelayExecutionThread
wcsstr
IoRegisterDriverReinitialization

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ