ddd4cce4706c29a9130bbd2d9ef76640_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddd4cce4706c29a9130bbd2d9ef76640_JaffaCakes118
Size

27KB
MD5

ddd4cce4706c29a9130bbd2d9ef76640
SHA1

e46d3e23fcd522cf15abf8a3db38a9bb572c1cf4
SHA256

675766ac625c2e3b31ec52e8c8f70da47556dd8d3e2f19862d57121d800644c3
SHA512

5ec9f16fc4d93da0083786a127d2270c6de1ae30a28d484e4a232858faeaf16385075276f54c5c1dc0f0963f69191293ca944c15dc7d86d1032eab6572798c9b
SSDEEP

768:JVZs7fpmwH6U2zrOpHOXmmyuWnizhLUIMW9+99NeGt4fzB+xJlxBX:5s7fpmwH6U2zrOpuXmmyuOizhLUIMW9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddd4cce4706c29a9130bbd2d9ef76640_JaffaCakes118

Files

ddd4cce4706c29a9130bbd2d9ef76640_JaffaCakes118
.sys windows:5 windows x86 arch:x86

538018158e7aceff36308cb3db70d01f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
IofCompleteRequest
IoGetCurrentProcess
ZwQueryValueKey
ZwOpenKey
_except_handler3
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
KeDelayExecutionThread
wcsstr
wcsncmp
towlower
ZwDeleteValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strncmp
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ