7534cf54824009298c7f41edfed402b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7534cf54824009298c7f41edfed402b9_JaffaCakes118
Size

10KB
MD5

7534cf54824009298c7f41edfed402b9
SHA1

77dcb5ca46cc518834d18fcd4274ed821b82266f
SHA256

9d232480b6b9d745b866d19d061495744b0da12af3d32d58f257ea612b663b73
SHA512

c2128d53a4317573dbbd64a6470beb6d4f621b36889fddb7bfeca9046f434f1de6a487c8a80e8a8b59d06a84465e486ec07b72f021b379a4b374a3feebdd6d35
SSDEEP

192:nsSfVCqOr8kgvnomnrncW5PHe7iBdVPxi:sSmJ8XR6iBLpi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7534cf54824009298c7f41edfed402b9_JaffaCakes118

Files

7534cf54824009298c7f41edfed402b9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7419bced976aadfd56ac2cab7fea6227

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\Projects\bot\rootkit\Rootkit.pdb

Imports

ntoskrnl.exe

wcsncmp
wcslen
MmUserProbeAddress
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtBuildNumber
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ObReferenceObjectByHandle
ZwOpenThread
wcscat
RtlInitUnicodeString
wcscpy
IofCompleteRequest
DbgPrint
MmIsAddressValid
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeServiceDescriptorTable
RtlCopyUnicodeString
ZwAllocateVirtualMemory
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
_except_handler3

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ