Static task
static1
General
Target: 76b54d7c296e7c62a45d21446f2bf1a8_JaffaCakes118
Size: 10KB
MD5: 76b54d7c296e7c62a45d21446f2bf1a8
SHA1: 59c379fa1f456f219aa11de703b4370c35aa561e
SHA256: 1b7bc20d15fa33bf73c22e061f48c96c1e9a5e87466bb1ef5f5070726a554e9c
SHA512: a20150e8a5319ea5517c987e75d43113bc11f16fdc1e79896c0b0962cd1bd5efeacbc9e576dc4cc8f4ed7fe6c390f13e3ff5d08652c14d9128a1a4cf46d663a5
SSDEEP: 192:46qr2OFLbaEkW5pxnz6wPl91PUnd7RBx51UThi:JGdFaEkWIwPl91oRBx51Ui
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 76b54d7c296e7c62a45d21446f2bf1a8_JaffaCakes118
Files
76b54d7c296e7c62a45d21446f2bf1a8_JaffaCakes118.sys windows:5 windows x86 arch:x86
ae4cc66ae4061de98b3df9544455c32b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strstr
IoGetCurrentProcess
strncpy
RtlCopyUnicodeString
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePool
RtlAppendUnicodeToString
wcslen
RtlUnicodeStringToAnsiString
wcscpy
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
strncmp
atoi
ZwClose
ZwQueryValueKey
_except_handler3
RtlTimeFieldsToTime
RtlTimeToTimeFields
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 672B - Virtual size: 662B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 352B - Virtual size: 350B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ