9427a127b13b8f2c1dd9e97392ce7bde_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9427a127b13b8f2c1dd9e97392ce7bde_JaffaCakes118
Size

9KB
MD5

9427a127b13b8f2c1dd9e97392ce7bde
SHA1

3a4942a26ac852574ba693fe8b2fe09ac439e8fb
SHA256

79ff75f3026d71d9033085a8ccbcb358042ff127b7034123c4bed8b1d1f7dfd2
SHA512

a7883a61a664eeb7894e65c717620e14fee8fd18834765877aaebf0f5733b068e419030929f4a7ee9e969a9d55ec53c28b082d49ce5c220bd690dde1f3602ca2
SSDEEP

96:0ZGdhUMnAnvG6IazIfEF6mk1Hid1IWb8x6Iv4LZxO4KX7LvYBQKNCC/DvKh/O25O:uGZS7w1YzbcFWxO4SLvYBT7ChV5+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9427a127b13b8f2c1dd9e97392ce7bde_JaffaCakes118

Files

9427a127b13b8f2c1dd9e97392ce7bde_JaffaCakes118
.sys windows:4 windows x86 arch:x86

b65a57e6e2da6903db4edb39847694dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwClose
ZwOpenKey
ZwSetValueKey
wcslen
ZwQueryValueKey
ExAllocatePool
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ExFreePool
ZwCreateFile
ZwSetInformationFile
ZwOpenFile
ZwQueryInformationFile
memset
ZwReadFile
ZwWriteFile
KeGetCurrentThread
KeQueryPriorityThread
KeSetPriorityThread
KeInitializeTimerEx
KeSetTimerEx
KeWaitForSingleObject
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
KeCancelTimer
PsTerminateSystemThread
IoDeleteSymbolicLink
IoDeleteDevice
PsCreateSystemThread
ObReferenceObjectByHandle
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 480B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ