5d71842ea31ae113121d771536fac0c6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d71842ea31ae113121d771536fac0c6_JaffaCakes118
Size

11KB
MD5

5d71842ea31ae113121d771536fac0c6
SHA1

4c00978f7326dea54c45898453565311d1c04d0b
SHA256

04bd5998ca1515024ae584aabac5583463216ee5b58343c41b4347925f0963ff
SHA512

de4a8e1da643d1029cf1e2c174ec9a2c88c93c8bb0486cd49eb543656e92e5ce7878781a67810356202729c45d9863456e2582b2884daca36eddd4aac31ea8b3
SSDEEP

192:WAO/fDSCfLX615rQfAGgY3ckMVLhCUvCZbrf5qY46Op3eE60+fNiSeDzSYGYNeUK:WAOHDSCfa1KLsHqHxlq9zp3el0++GYNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d71842ea31ae113121d771536fac0c6_JaffaCakes118

Files

5d71842ea31ae113121d771536fac0c6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9d2572f62e7689ec54109cc120b79478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\SysEnterHook\SysEnterHook\objchk\i386\saruen.pdb

Imports

ntoskrnl.exe

strncpy
DbgPrint
ObfDereferenceObject
ObReferenceObjectByHandle
ZwClose
ObOpenObjectByPointer
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsLookupProcessByProcessId
_except_handler3
PsLookupThreadByThreadId
IoGetCurrentProcess
RtlUnicodeStringToAnsiString
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
ZwQuerySystemInformation
ZwOpenThread
ZwOpenProcess
ExAllocatePoolWithTag
MmUserProbeAddress
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
RtlFreeAnsiString
strncmp

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 786B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ