e0aa75d049d0aacc8280797d1bdfea62_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0aa75d049d0aacc8280797d1bdfea62_JaffaCakes118
Size

53KB
MD5

e0aa75d049d0aacc8280797d1bdfea62
SHA1

65b2dde00798bfc5b7cd1e1bfb44a2983ec943d7
SHA256

439173a87a7fdb73e83c309d57d3f21b112ac0888edb448bb9422fca4ece2454
SHA512

108ec5f33921a718763678bb957f984fd887ff0327924cf52e927a35cf6646c743bc33df87ea117957ea32c8305721d277a497bfc140f462d1d199cc7118fc65
SSDEEP

1536:GWdqkrxNQqSoiRlyCd2faUqnmoCHgzJguY:GYqkNNQloiRlyCwrqnmougg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0aa75d049d0aacc8280797d1bdfea62_JaffaCakes118

Files

e0aa75d049d0aacc8280797d1bdfea62_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e7a28111e693bb4321c46eaba1808349

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwEnumerateKey
ZwOpenKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
ZwQueryValueKey
wcsncmp
towlower
IofCompleteRequest
_strnicmp
wcsstr

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ