9631d5158d0a9838a31c392220d5e235_JaffaCakes118 | Triage

Sharing

General

Target

9631d5158d0a9838a31c392220d5e235_JaffaCakes118
Size

30KB
MD5

9631d5158d0a9838a31c392220d5e235
SHA1

46b692e854e1546e0b1846952a361c3c803a85ec
SHA256

9aab25b231d080c8568b0437a7487bb906aa1f9ed39ee3ddc832deaa38e27405
SHA512

b4b1f129aeb0213cad9fc7c57cf0560daa3bdda4af8cdabdbe489f47b2f810e6ecb03a4b3cefa05138c6e5879a13ef86ff7da2160ac291d7757bf9e4e3eb6052
SSDEEP

768:J4a2KrvKFnAm76t5WNFhE+jITU/veq9JKckyMFycvB:KafrvgAi+5WzqFTEnLKckyMFysB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9631d5158d0a9838a31c392220d5e235_JaffaCakes118

Files

9631d5158d0a9838a31c392220d5e235_JaffaCakes118
.sys windows:5 windows x86 arch:x86

54087ff48fae6e3bd99f3ef83a9613bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
PsCreateSystemThread
ZwEnumerateKey
ZwOpenKey
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoRegisterDriverReinitialization
_strnicmp
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
strncmp
strncpy
wcsstr
wcsncmp
wcslen
towlower
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ