4364cea65ee49e18480bae2a5edc44d4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4364cea65ee49e18480bae2a5edc44d4_JaffaCakes118
Size

92KB
MD5

4364cea65ee49e18480bae2a5edc44d4
SHA1

0fe1899e8b90ae51d2bcdc58dfd3c89663496bdd
SHA256

2baf93a196909e69f69de35f3fbc4d2132cd38ed09a79e0b23e1f5979acef8f9
SHA512

ecd4ba35c9c57cdf72901ea86e751984b382dccd0113084e554c40df69bc68c46fa060977e15795911fcbe00657ded610e21a2731ec490a644f9023fc8d5a7da
SSDEEP

1536:HCQ82WDXF/5puRVaWG3y9Dt/+M+Au+Y31966ZScQGIQxHdWlXBa:HCQ8j55pGz7/huiS1xds

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4364cea65ee49e18480bae2a5edc44d4_JaffaCakes118

Files

4364cea65ee49e18480bae2a5edc44d4_JaffaCakes118
.sys windows:5 windows x86 arch:x86

59aaba4ec56cd5a09938ba5babe57173

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Bear\Project\Yaphon\DM\DM_1.3\Temp\LoadDriver\Release\LoadDriver.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeQuerySystemTime
ExAllocatePoolWithTag
_except_handler3
wcscat
wcscpy
_local_unwind2
ZwReadFile
ZwQueryInformationFile
ZwClose
ZwCreateFile
RtlInitUnicodeString
ZwWriteFile
IoDeleteDevice
IoRegisterShutdownNotification
DbgPrint
IoCreateDevice
sprintf
ZwSetSystemTime
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
ZwCreateKey
wcslen

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ