Static task
static1
General
Target
a1f096fabfdfa842c2c3113c858e7006_JaffaCakes118
Size
28KB
MD5
a1f096fabfdfa842c2c3113c858e7006
SHA1
bd2d3bc3186c8e399bcc256902a68225a9406412
SHA256
45a51898e01854ac60d117c9bcdef378a93d7432204b3aa3f4d7114fbae3bc43
SHA512
5cfae42018285ed98bf5c3c8881a42c76a7aca66683a152ad350d8b95924d4fa57b52ec71ba024451edca801e1d5cea94fc9cb25621046b00c775f9f852721b9
SSDEEP
768:SFJ9r+4UZXR6P38guSXw7y8nq2NOjotTyzY6JIYYCYhP8KIozz:2J9S7xR6P3ZuSXw7LnzNOjoc+YYCYhPU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a1f096fabfdfa842c2c3113c858e7006_JaffaCakes118
Files
a1f096fabfdfa842c2c3113c858e7006_JaffaCakes118.sys windows:4 windows x86 arch:x86
840dfeb4ae366ffbaf18efaea28509f7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
swprintf
IofCompleteRequest
wcslen
wcscat
wcscpy
_itow
RtlInitUnicodeString
ObfDereferenceObject
strncpy
_stricmp
strncmp
ZwClose
ZwOpenKey
RtlCopyUnicodeString
_wcsnicmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 830B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ