Static task
static1
General
-
Target
972c42b26b3d4c8591c6ba05cf4fe9c4_JaffaCakes118
-
Size
28KB
-
MD5
972c42b26b3d4c8591c6ba05cf4fe9c4
-
SHA1
9ec8e6f8bc78990ba00b74feeaeebe635152b59f
-
SHA256
18c5b3d0ae5514beb25f069894b796d2cf9934760327199fa8dabc065948e10c
-
SHA512
3f5c3bf50894ffeb12faa132c1e7c5821b74c5e3913eb128a6cfc5e5fd08ec944f81992891413e1783647f6d4a447a5bee831b75bca4cec2303c0b84c406c922
-
SSDEEP
768:KQ9wkrmeh+BM9BtxghlsZnzkEuKBRyj8sSqa3jmWZuc:Egh+MclMVfRyj8Ia3jh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
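Checks for missing Authenticode signature. The flagged file is a kernel-mode driver image (a .sys file importing from ntoskrnl.exe). This check presumably looks only at the signature embedded in the PE, so it would not see catalog signing; treat the hit as a triage hint and verify the signing status separately.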
resource 972c42b26b3d4c8591c6ba05cf4fe9c4_JaffaCakes118
Files
-
972c42b26b3d4c8591c6ba05cf4fe9c4_JaffaCakes118.sys windows:4 windows x86 arch:x86
5ad620bb91f60e28787303e18d7b2e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyUnicodeString
RtlInitUnicodeString
wcslen
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_stricmp
strncpy
_strnicmp
ZwClose
ZwOpenKey
strncmp
ObfDereferenceObject
swprintf
ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp
_itow
MmGetSystemRoutineAddress
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 814B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ