Static task
static1
General
Target
a3422135a69d3f53f30af30c906d8432_JaffaCakes118
Size
22KB
MD5
a3422135a69d3f53f30af30c906d8432
SHA1
02146400eb8e7cfab4ce9971e842be6d221de4d5
SHA256
ed6005eef7bf02e4c73798e8349393384d1bb47e161441f7e93386a82fd30aa5
SHA512
2548a5effe38c330d28b296f4dba7dfbd9845e1799792a02667a5fd245717ae62067be9dcd80f7d97f5ae114764425494c469e10b7f24021c93f2c05e10f4348
SSDEEP
384:O8KljRnypoX77YAaizHWSRAJYNBtdrbQXzJeqWKS0Z4nZjyFSL:s7nygwiSJqhdrbYzJi+tFSL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3422135a69d3f53f30af30c906d8432_JaffaCakes118
Files
a3422135a69d3f53f30af30c906d8432_JaffaCakes118.sys windows:4 windows x86 arch:x86
904bcb306ddd53433d479238782d467d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFillMemoryUlong
ZwDeleteKey
InterlockedIncrement
FsRtlAreNamesEqual
towupper
ZwDuplicateObject
ZwQueryDirectoryFile
IoBuildAsynchronousFsdRequest
IoGetInitialStack
DbgPrint
RtlFindMessage
CcUnpinData
MmIsNonPagedSystemAddressValid
PsChargePoolQuota
RtlIntegerToUnicodeString
ObQueryNameString
ExAllocatePool
ZwSaveKey
RtlGetSaclSecurityDescriptor
ExFreePool
RtlCustomCPToUnicodeN
ExSystemExceptionFilter
WRITE_REGISTER_ULONG
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ILIT Size: 1024B - Virtual size: 614B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 485B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 22B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ