f646b32a8483fe44b4169ee7568a55cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f646b32a8483fe44b4169ee7568a55cc_JaffaCakes118
Size

47KB
MD5

f646b32a8483fe44b4169ee7568a55cc
SHA1

cfffd702b02ce6b6ff4d2c061d4efd588f2226cf
SHA256

d30782284cff24626697d5cd4b306a3f80052ef38335ee8b9424401cd15e09e7
SHA512

1c550d176214f91dc1072a7c99473db03a8cea47e76752fdda3433c90ef5b6d688480b2e1913cf860a94bd9b7fa3cda3fd80c694acfe702f5264c5a68f81a8e7
SSDEEP

768:euwh+DTXarKE0YyNMQ4ruLaiIACFilB5ukp8szpw952abZSZHrLbJ:euwh+DTXKh3yNMQ4ruOiIACMPZ/pw950

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f646b32a8483fe44b4169ee7568a55cc_JaffaCakes118

Files

f646b32a8483fe44b4169ee7568a55cc_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e306c238ee1890dfaa433704f97d9596

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
swprintf
MmIsAddressValid
MmGetSystemRoutineAddress
ZwCreateKey
wcslen
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwUnmapViewOfSection
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
IoRegisterDriverReinitialization

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 81B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 704B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ