Static task
static1
General
Target
64c5bb8a140f2bd9bb10c447aaca9b9a_JaffaCakes118
Size
27KB
MD5
64c5bb8a140f2bd9bb10c447aaca9b9a
SHA1
5ea628e52adf4d05211b4f6517143f0f6c47f76c
SHA256
f753dc6f8de958c7c7bff937f76bc4b71e878f849fb1a906c0b06cf1cf2127c7
SHA512
9082484d4cf99ccc4b582affd6b936f8c1c32846d6f6eab36c88873c45994c1b915d4e60c8de173ce4c4b4a3ad832ca186cbbc7cc9a72dfa43c858cfbeafdb67
SSDEEP
768:nKQArHzkgTGvu3XAyjv8KAgVVCwNJ/rcQSHvZceNLAfK5zd:K/MgTGGRkOg+J/rcQKaeg8
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 64c5bb8a140f2bd9bb10c447aaca9b9a_JaffaCakes118
Files
64c5bb8a140f2bd9bb10c447aaca9b9a_JaffaCakes118.sys windows:4 windows x86 arch:x86
38fc1e1857f8f43da29971f658f7e5f5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
ZwOpenKey
_wcsnicmp
wcslen
IofCompleteRequest
_strnicmp
MmGetSystemRoutineAddress
_stricmp
strncpy
strncmp
swprintf
wcscat
wcscpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
ObfDereferenceObject
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 802B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ