da37f3fe39668eb78d65e261d243e02d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da37f3fe39668eb78d65e261d243e02d_JaffaCakes118
Size

4KB
MD5

da37f3fe39668eb78d65e261d243e02d
SHA1

2882780e93dfab6ec2d12e69cf40acc794b61722
SHA256

229d72b11a2b286a11e713ac7d1f538cf24a057eeea74f536e9cd10e41dbf1cc
SHA512

44cdd3890a9b5c5d5b356588fba2c5cb70ae9ec8aef561c8a678391540aadaf23904f1137f0f258b179e074e954c6dbf55d7cfa157561c666e728a5a2876a1d6
SSDEEP

48:6Js7CRhFE18tHzpp0pS0XEJ2fJ5OGBOVOgkCcGJC5O2hdiVS6yV0gbw:SRhFE18h00jJ2fJUGBOYbC45RhdXOgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da37f3fe39668eb78d65e261d243e02d_JaffaCakes118

Files

da37f3fe39668eb78d65e261d243e02d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

bc6f5db0865c5d462aa7cea620ec254f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwEnumerateValueKey
ZwOpenKey
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
IoCallDriver
ZwQueryDirectoryFile
IoBuildDeviceIoControlRequest

ndis.sys

NdisRegisterProtocol
NdisDeregisterProtocol

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 614B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 320B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ