b2da06bc1410c8c6dc731e53f593a17f_JaffaCakes118 | Triage

Sharing

General

Target

b2da06bc1410c8c6dc731e53f593a17f_JaffaCakes118
Size

31KB
MD5

b2da06bc1410c8c6dc731e53f593a17f
SHA1

2f03a441d01e5f48333d2b6ce900a0ec754660d8
SHA256

f16e75be94adbb17cdeda917c2349a6968071f58f0e99df824b0e1b1c0f0c45e
SHA512

a69cef95bd03b9860d9eb0a390a075c7dd29945fdf4a5ddb17ea64497ead0fe8fa5fa9fe083616ccd1d527db2f44aa4549d960dab1ac500f0a9e83decfed79db
SSDEEP

768:OlvyeCtHAWqM33N7GANZsoP75ITxirhPihHKeA:ivye2gWT3htP95w+xihHS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2da06bc1410c8c6dc731e53f593a17f_JaffaCakes118

Files

b2da06bc1410c8c6dc731e53f593a17f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

95aed88cbb65eaa225a77f2d14b8fb35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
wcsncmp
wcslen
towlower
ZwCreateFile
IoRegisterDriverReinitialization
IofCompleteRequest
IoGetCurrentProcess
ZwQueryValueKey
ZwOpenKey
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strncmp
strncpy
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcsstr
ZwEnumerateKey
KeDelayExecutionThread
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ