94f6519f7f1e9d8ee84999d1ac74dd2a_JaffaCakes118 | Triage

Sharing

General

Target

94f6519f7f1e9d8ee84999d1ac74dd2a_JaffaCakes118
Size

8KB
MD5

94f6519f7f1e9d8ee84999d1ac74dd2a
SHA1

918a5179e1f060a28a0c0ddf73a742daeb0afbe4
SHA256

6d031264b7fc40de78c6fd4a9cafd51b27d87aa122c1432b5ccdb579efc4b90b
SHA512

37ab28196a69331357c5cdcfb96ccf733676839b74eaa01f66c5821f9693a79901e40acedc26a52270b3a2553c49260cc3b703252eb494a88f7a97768132c12b
SSDEEP

192:UjnE04dXW6i+vAt8Utjs1f2JzzaRn4Q5n4Cpol0p:un2XGOD2JvaRx5P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94f6519f7f1e9d8ee84999d1ac74dd2a_JaffaCakes118

Files

94f6519f7f1e9d8ee84999d1ac74dd2a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5e0a6482dbc8888dbbe2adca2b6f9091

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcscat
wcscpy
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlInitUnicodeString
NtBuildNumber
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
_except_handler3
ObQueryNameString
wcslen
wcsstr
InterlockedExchange
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
swprintf
wcsncat
ObReferenceObjectByHandle
ZwClose

ndis.sys

NdisDeregisterProtocol
NdisRegisterProtocol

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 736B - Virtual size: 734B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 416B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ