83e4552eef33b42f2d80e52e3b36a3dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83e4552eef33b42f2d80e52e3b36a3dc_JaffaCakes118
Size

47KB
MD5

83e4552eef33b42f2d80e52e3b36a3dc
SHA1

8bdf4b7f91037a6646bab2cef97841c145d8182d
SHA256

5904043229ddf8d1f2af23bad72a825b09668075833f01250ab29d8d3b43b5d9
SHA512

31d868c1d74a7cf7efbe5ee144aef5380505a7d174dacba1a35423b8418bb0f095431a3c2369b2706d092d17a91be79a8aff208c61cc6d6d5478e3f57a5aae22
SSDEEP

768:K3TSmNj1gYQeI3NAwqYjWMOqRg37ZstuWrfDsYiCLMmJLjmkVCcX+XKtnPoUn:KjX3vQeI3NAwqYpOqRY7+EWHsjCLMmJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83e4552eef33b42f2d80e52e3b36a3dc_JaffaCakes118

Files

83e4552eef33b42f2d80e52e3b36a3dc_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a5a612a2e86bc93d0b5eee68095b9792

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
IofCompleteRequest
IoGetCurrentProcess
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
wcscat
wcscpy
ZwEnumerateKey
ZwCreateFile
IoRegisterDriverReinitialization
PsCreateSystemThread
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsstr
MmGetSystemRoutineAddress
strncmp
strncpy
wcsncmp
towlower
KeDelayExecutionThread
ZwDeleteValueKey

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 986B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ