7635097a1d280822c1b0a794e7bdbe5f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7635097a1d280822c1b0a794e7bdbe5f_JaffaCakes118
Size

28KB
MD5

7635097a1d280822c1b0a794e7bdbe5f
SHA1

8251ebee8750a17f0cc79b438bee8fc31df5f67f
SHA256

a8ede2b8de7b1873e9e6c4d7910b44b2f86714b2d197644074ca8c65ab4dc564
SHA512

24850a96c7b7ffc0ee9052893b92c740808d2d3e8cf2547d819a0bb25520d7e4459bbb52c5e0940f78589b66c914ad32972a5111c577a6c05f933c7f816f4f39
SSDEEP

768:0jaxwrTmfDwFMLQ8YIDr7A0S0jPD1OpxzWNp3OSN+U9Rj:02wryfsuQ8W0S0/Bj/+m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7635097a1d280822c1b0a794e7bdbe5f_JaffaCakes118

Files

7635097a1d280822c1b0a794e7bdbe5f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

67e8bab25987865985672fbfc2e1eade

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
IofCompleteRequest
IoGetCurrentProcess
KeDelayExecutionThread
wcsncmp
wcslen
towlower
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strncmp
PsGetVersion
strncpy
IoRegisterDriverReinitialization
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ