cf7bfac6d8cb3d49418499522374785f_JaffaCakes118 | Triage

Sharing

General

Target

cf7bfac6d8cb3d49418499522374785f_JaffaCakes118
Size

25KB
MD5

cf7bfac6d8cb3d49418499522374785f
SHA1

102b495dccd810f4078ac0869e33e5e05e161202
SHA256

f398ed9f8024f467b064d8845a12d6ee303c68988fb9e2ad900116df566a7f5c
SHA512

5a8f252411882f9138f1019fecb5cc85472403d8fbc96df7c0558003d04ef83d7aa5339b5d49cdbf8df17bb73f7c2df125661d2dd3020d7305c2e573babb5dde
SSDEEP

768:VLN6wCaiKqAivqQ5THufehluhLRUDxxZG/q1jJnxW5q1:R5CaiRAiiQ1HuzpRUDxxZUq1jJx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf7bfac6d8cb3d49418499522374785f_JaffaCakes118

Files

cf7bfac6d8cb3d49418499522374785f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fabf5aa4631d21a9d713dd5140fcd171

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwClose
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
wcsncmp
towlower
wcsstr
ZwDeleteValueKey
KeDelayExecutionThread
IofCompleteRequest
_strnicmp
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ