f9943ea7d454135ea3ebf8ac519a7b9c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9943ea7d454135ea3ebf8ac519a7b9c_JaffaCakes118
Size

30KB
MD5

f9943ea7d454135ea3ebf8ac519a7b9c
SHA1

1cb8ed32f32b264de914fcab2a0c4865df3a6e0f
SHA256

028a44cbfcad35c667bc10ae992e5f8e70a6c2c6bc3049a53ec4fa9b11f1b3db
SHA512

f2c3712edebdf0fe1fe03b211b6f834abe72b7b01f038f00d972b708c65ed8bc5a2521ca34e8c84c881c8bd03c6228dd893b19e0caabcab06f7c7e1b92537e27
SSDEEP

768:KFdxp1gCKPSdn7fpG2V0NAqXQBALtU5YYeFPC:KvxpYPSd7f7VRa4ALAYJF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9943ea7d454135ea3ebf8ac519a7b9c_JaffaCakes118

Files

f9943ea7d454135ea3ebf8ac519a7b9c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

ebb859a066a068e0268cbf9ab8e0fa17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
wcslen
towlower
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwCreateFile
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
KeDelayExecutionThread
IofCompleteRequest
ZwDeleteValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ