f52c062b6b1a13b947313adf5e50cd2d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f52c062b6b1a13b947313adf5e50cd2d_JaffaCakes118
Size

47KB
MD5

f52c062b6b1a13b947313adf5e50cd2d
SHA1

d6e58d1ea089667082abbce4f25ac38a89144032
SHA256

adf188f01fb0fcd881440a54150ad41727684b12bec2f10e41927084648e2215
SHA512

a04225711b3c1cf9c3ba9ad112f47ab18fd6f42a88bae76db71b647dc65cdaded5d453aa6450572b363d65ffcbb61f2e59cfc41ebcac6bdcd9789e87d67ec386
SSDEEP

768:TCj4QIFTg1QsvP0Gb9gJbXPHW3Q7QWRDFW9vpEzp5ANVgCooERcp7NGNHPpfwVNY:TE4E0Gb6vsV10tPZnoylzB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f52c062b6b1a13b947313adf5e50cd2d_JaffaCakes118

Files

f52c062b6b1a13b947313adf5e50cd2d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0c33d6c475c5c6666b2733695cfb44d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
IofCompleteRequest
IoGetCurrentProcess
IoRegisterDriverReinitialization
wcscat
wcscpy
PsCreateSystemThread
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcsncmp
wcslen
towlower
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwEnumerateKey
KeDelayExecutionThread
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
strncmp
strncpy

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 986B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ