735551f08daa621ffee488e5a871c75f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

735551f08daa621ffee488e5a871c75f_JaffaCakes118
Size

49KB
MD5

735551f08daa621ffee488e5a871c75f
SHA1

16403243dab5ed5f2403f06fea6519eb17a8d30f
SHA256

4760dda4a5b99a99e32843cbc419328f90f886a54aa47c5c7142a9627f78bcd8
SHA512

5a28973f8b262e5a15b9ffd680c31d1b9506403156d9775892a0619ead6cd13bdd13dfc838cf0a49c76e86d6e96cfba8e02c79824955a43603672c2110d6e4e4
SSDEEP

768:tR68hn57KUakI6w5y5GVfxRY7pfcomt5Y8DNYSLD2:twC5euI6w5RxjspkTt5d3D2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
735551f08daa621ffee488e5a871c75f_JaffaCakes118

Files

735551f08daa621ffee488e5a871c75f_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9a4fe8b4073006524c70210ca57a3a4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
swprintf
PsGetVersion
_wcslwr
wcsncpy
MmGetSystemRoutineAddress
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
ZwUnmapViewOfSection

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 275B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ