b7190407e049186a746a1e9a62f70170_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7190407e049186a746a1e9a62f70170_JaffaCakes118
Size

27KB
MD5

b7190407e049186a746a1e9a62f70170
SHA1

cb4fa08ea56f99b44f1337e7d317394b4f231035
SHA256

3adf05668c509603e8ff6129479cc440aeb2642f96d0c3be52d899fe8b2237bc
SHA512

7cbbfed61eb8681c4073c649cf62ec2fd998cd0a990b0d041d29a32d9da2331911ab559d0e14c4bdd0ecdc7a5150da80445857743b20c5fb529120b5d50915e3
SSDEEP

768:cbaoPBOPUvIIjlzb+0pWQoXgQFlre8aUo7VqwwNNEozFeN2Glf4S:LoP88vIIjVb+0cQ4RTreb77Vqww3EozI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7190407e049186a746a1e9a62f70170_JaffaCakes118

Files

b7190407e049186a746a1e9a62f70170_JaffaCakes118
.sys windows:5 windows x86 arch:x86

79e5d5c17da76da803b9aa38188f90ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
wcsstr
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
IofCompleteRequest
IoGetCurrentProcess
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
_strnicmp
KeDelayExecutionThread
wcsncmp
wcslen
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
strncmp
strncpy
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ