5f4d8342be22271d1a2e62f98bb27488_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f4d8342be22271d1a2e62f98bb27488_JaffaCakes118
Size

50KB
MD5

5f4d8342be22271d1a2e62f98bb27488
SHA1

bb983ff1908581b46478a98a9c8fa11cb8ac6a20
SHA256

6caf1e2009f3bb9cfc3118be511f81f7549dd1db20a739b4baa6befe1250a87b
SHA512

0908a467fdfbc567644f4b9a1aa96d3bf8e76a1cea42652fd6b6ee5e62bda1fa56615e62fb8423830d2b9573861eb6be34bce60f7a1f2605f279aaaa6e3372e5
SSDEEP

768:I0dxEDSr1LNuAAn4mHGQy3+vQI17MS4ywHzcnrpMspps4IC7OeBR19:I0DnLrAneCQk7MS4JzcnVM+/7b9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f4d8342be22271d1a2e62f98bb27488_JaffaCakes118

Files

5f4d8342be22271d1a2e62f98bb27488_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c155e031b65f3972f1c11155be41c8b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
wcscat
wcscpy
PsCreateSystemThread
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
KeDelayExecutionThread
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
MmGetSystemRoutineAddress
wcsstr
ZwQueryValueKey
_except_handler3
_strnicmp
IofCompleteRequest
wcsncmp
towlower
strncmp
strncpy
ZwDeleteValueKey

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 986B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ