81d00544b8e8f485ec754953df28435b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81d00544b8e8f485ec754953df28435b_JaffaCakes118
Size

27KB
MD5

81d00544b8e8f485ec754953df28435b
SHA1

699b449fdaca5855c408c53326d9120c04a6d183
SHA256

3546b02c87670abdd420c5a64ef15020e9a7e78606c883005e58b84f6a361e12
SHA512

4a02abc277aaa82c9aef813b2bddc8d020e4564f37a5675b265f66c2f1795a29d349395b80ac108bdac4000321da7e03d56f268e9a94d6f74e626e8f173ee805
SSDEEP

768:G4kARDom1JB+VvrEFERDjWkw+8T859bCuvaT9wlJmv5/DBOsNRVeWg4Ey5uC:G43R13+VvrEFERikw+s859viT9wlJmvD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81d00544b8e8f485ec754953df28435b_JaffaCakes118

Files

81d00544b8e8f485ec754953df28435b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

034c264557ed678a2b7d069222f7a6be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr
IofCompleteRequest
IoGetCurrentProcess
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ