Static task
static1
General
Target: 693a8f4823a79bcfc9472b1e2a9575f5_JaffaCakes118
Size: 27KB
MD5: 693a8f4823a79bcfc9472b1e2a9575f5
SHA1: f5905fa69bc9a9d20393103369209e6e46db9947
SHA256: 1debffb50a9e859b09e2b9e06ef05d4e79b45f1fda359016bad2a47df9aeaab2
SHA512: 493142d6397e4b51e6684e21bda42000319fe58a1bcdac0d8c627729d3e9e36c6ce45d93830a17647066007792ed5b98eb60466d06b474db14bd242748113310
SSDEEP: 384:EUv2TUwUeN7tYBmd53vX0XQFx1yaRY9A8p/sdASnlJDITMuAy+lp+KEpk6:ZeTUwJ7tYkL3v+QL1zRYClpITXgEb
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 693a8f4823a79bcfc9472b1e2a9575f5_JaffaCakes118
Files
693a8f4823a79bcfc9472b1e2a9575f5_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a1af1ec867aac314648934057126eb5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
wcscat
wcscpy
swprintf
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlInitUnicodeString
_stricmp
strncpy
wcslen
_wcsnicmp
_strnicmp
strncmp
IofCompleteRequest
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
ZwClose
ZwOpenKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 864B - Virtual size: 842B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ