8779a0291ad68a78657dac30dfda5653_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8779a0291ad68a78657dac30dfda5653_JaffaCakes118
Size

50KB
MD5

8779a0291ad68a78657dac30dfda5653
SHA1

93207f5682f1f67b34395a12bba5bdc63058537b
SHA256

fad443b20fb720f0575bb76de2b04f869a6f5679481a8c40cefcab75bfd93df1
SHA512

1bcad895b31085cbecfb5281f5f7f409770dabffbc2d5282ee75ac989e5287b5d147560883776735b6cf869f5c8eb8343a986bfa596cc644ec83063e5f80496b
SSDEEP

768:Ne4Lq9O9E1o61kAJjEfAqEFtZD9ov2XFZWmTiPaDgf1R4dTw3pDLHvqfrXLih20y:NZw1i+2liLp4zWJpymsuA7a8yeMl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8779a0291ad68a78657dac30dfda5653_JaffaCakes118

Files

8779a0291ad68a78657dac30dfda5653_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3b491556175da2a32fc718bff4313343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
wcslen
towlower
MmGetSystemRoutineAddress
RtlInitUnicodeString
_strnicmp
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IofCompleteRequest
IoGetCurrentProcess
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strncmp
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 986B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ