a975e7413c0cc6b48ebb6f15ae2fe3cd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a975e7413c0cc6b48ebb6f15ae2fe3cd_JaffaCakes118
Size

443KB
MD5

a975e7413c0cc6b48ebb6f15ae2fe3cd
SHA1

2f69b3ec7207709699f3a3499af679783ee5be80
SHA256

960c912cc566703bf0f678d81286585424494ed6a77c7809035520f36450879e
SHA512

1a536341f8e80cf7700c204d2ff5d88626fdbe846f556929713b585d43b4be0a7bfecf683fc0d08bd47081e89609c33e8691db5026bab13352f2d1bed195eaee
SSDEEP

6144:/weEWX6p2EIrMbA96Vid9szw77k6M8i1cES128JV3Lk1q13+pKSSFxi8d0Q7kTUR:/Xw2EkJs0MO128JtpuY9ccSI8tAZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a975e7413c0cc6b48ebb6f15ae2fe3cd_JaffaCakes118

Files

a975e7413c0cc6b48ebb6f15ae2fe3cd_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3d59e351c287006bcfb5615fdfc51048

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
ExInitializeResourceLite
ExDeleteResourceLite
ZwOpenKey
RtlDecompressBuffer
RtlInitUnicodeString
ZwCreateKey
ZwQueryValueKey
ExfInterlockedAddUlong
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
IoQueueWorkItem
ZwNotifyChangeKey
MmPageEntireDriver
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
DbgBreakPoint

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ