4dca0d115af8650b7f6d19528e4237bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dca0d115af8650b7f6d19528e4237bb_JaffaCakes118
Size

24KB
MD5

4dca0d115af8650b7f6d19528e4237bb
SHA1

b953b058ac8e631d405250d1e138480276d383ae
SHA256

cc0e856be59f4d51387e2e1bedcc815ff99ebdb7a65312c5604a841dd495f214
SHA512

867c9630ce271a7a7c8801f3d0d203a065191fdbefabe024c800556844903454d9d22c34850b04703576693f6262de56dc7d105a35d863fc1367d98710747f00
SSDEEP

768:O2tJGNwbjlkaMRaLroGWUQbjwdHGIZlBsWcZKvIZpq/Wr:O2KcldMRaLrZWUQ4hGIZlBsWcZKvIi/U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dca0d115af8650b7f6d19528e4237bb_JaffaCakes118

Files

4dca0d115af8650b7f6d19528e4237bb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b1f516c31532959095312a47970767f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
_strnicmp
IofCompleteRequest
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsncmp
towlower
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strncmp
strncpy
IoRegisterDriverReinitialization

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ