4a40faa57070b8d0a362005fc500d5d7_JaffaCakes118 | Triage

Sharing

General

Target

4a40faa57070b8d0a362005fc500d5d7_JaffaCakes118
Size

30KB
MD5

4a40faa57070b8d0a362005fc500d5d7
SHA1

cb58687578005bf6fdff609b29541859ab17bdc9
SHA256

888e54fdf8dd5501b7c0992d2244fe0a3a86f53c84d57dcf519f6eb44984bc24
SHA512

8ddf87a0f333c21abc573ad18210376d85e7d617ade6089b3e4fc2c17c913168e57300c89bbcaced85dbc1bc90695ba60a4e68269486f534f89e7129d7191179
SSDEEP

384:UjiM/S85PM2mmyt2rgCENDE+lsQRRJi15QcchrCsaptbXq+zWk6nCNIZ23LZ953:p+Al7cem/bXq+qoNT/53uKh0scOcoU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a40faa57070b8d0a362005fc500d5d7_JaffaCakes118

Files

4a40faa57070b8d0a362005fc500d5d7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

1766072a5a14908d992b3452b86bd45b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
_strnicmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr
IoRegisterDriverReinitialization
wcsncmp
towlower

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ