C:\sys.pdb
Static task
static1
General
Target
975bcc47dc9609684b1b1d2152923160_JaffaCakes118
Size
11KB
MD5
975bcc47dc9609684b1b1d2152923160
SHA1
e28f47b0e17e9358549c21bb33d2010965146007
SHA256
0346b214c73e374116b6c4f7be52d5af55cac17395bb5eead1d8f48505c5a708
SHA512
c912e2fc1799c886116feb9f4a1c23089f30da5976529e61425bc9b838b3d9c3652fb10eeb892e59f2c126f584cd06e5dfd1ff14c7e287481506830272777b15
SSDEEP
192:pqfr3+HnmWkxjZKyjY5YbcnmwGywtylMwzuHuvUgYrQ+0X44sOt8APTVOccj:gD3+vspMzmZmlXuHoUgYrQ+0X44sM84q
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 975bcc47dc9609684b1b1d2152923160_JaffaCakes118
Files
975bcc47dc9609684b1b1d2152923160_JaffaCakes118.sys windows:5 windows x86 arch:x86
0e85fa34cac047dce9902fe2a98eaf61
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memset
ObReferenceObjectByName
memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
RtlGetVersion
ZwSetValueKey
ZwClose
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
MmIsAddressValid
IoCreateDevice
MmMapLockedPagesSpecifyCache
PsGetCurrentThreadId
strlen
swprintf
wcslen
wcsrchr
ObReferenceObjectByHandle
ObfDereferenceObject
RtlMultiByteToUnicodeN
wcscpy
ZwOpenKey
IoGetCurrentProcess
PsLookupProcessByProcessId
ObReferenceObjectByPointer
PsGetThreadProcessId
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
_except_handler3
hal
KfRaiseIrql
KfLowerIrql
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 528B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 912B - Virtual size: 904B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 720B - Virtual size: 714B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ