Static task
static1
General
Target: be7a7f82bd5331f13467479e2f407374_JaffaCakes118
Size: 28KB
MD5: be7a7f82bd5331f13467479e2f407374
SHA1: 00b046fbdf8b8f57c6a7f8135b230c237ce81ee4
SHA256: 21121084d966ba30463300144fd29aad0ee60b8dfb17e06a7b2af8287506d420
SHA512: 7860d7faf1bfc8f1022102218cbdcc647ebd3e3ea0d505d7147882291c42670ae158aa2742ba9dd5ac4aa5a8b0466de993aedd2fc3a4bc1633c81b87da7dae92
SSDEEP: 768:CFJ9r+4UZXR6P38guSXw7y8nq2NOjotTyzY6JIYYCYhW8KIozz:GJ9S7xR6P3ZuSXw7LnzNOjoc+YYCYhWU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be7a7f82bd5331f13467479e2f407374_JaffaCakes118
Files
be7a7f82bd5331f13467479e2f407374_JaffaCakes118.sys windows:4 windows x86 arch:x86
840dfeb4ae366ffbaf18efaea28509f7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
swprintf
IofCompleteRequest
wcslen
wcscat
wcscpy
_itow
RtlInitUnicodeString
ObfDereferenceObject
strncpy
_stricmp
strncmp
ZwClose
ZwOpenKey
RtlCopyUnicodeString
_wcsnicmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 830B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ