C:\x
Static task
static1
General
Target: 149544e5cdbddcfa0ef1eccc903fc654_JaffaCakes118
Size: 11KB
MD5: 149544e5cdbddcfa0ef1eccc903fc654
SHA1: 95fa42e9776f58c9769752c3bfdeaa420fd8e53c
SHA256: 6eb5ba4012e86dc60167b346d876da8757eb4e3bdd15c45441486897c9a5cfa0
SHA512: dc939ab330514780a652a72a6d9fceefb7dc8625e65037545b43ffe48a85f7925a81690831dce1c18570d2f61e21ae1be7edee91616b78c89643384a8cb0ac19
SSDEEP: 192:CVu3soeghfe4kC9Z+ADYb0RaGb0zaIBlMEuG4VavaVWoiZYgtfsPpVLgOLqCC7:pcovWSk0X0GIYe5vYWo+tfsPpBgWLC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 149544e5cdbddcfa0ef1eccc903fc654_JaffaCakes118
Files
149544e5cdbddcfa0ef1eccc903fc654_JaffaCakes118.sys windows:5 windows x86 arch:x86
612842fa4d5a3f288fa81777cfb0e660
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
KeSetEvent
wcsncpy
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ExFreePool
IoFreeMdl
MmUnlockPages
PsSetCreateProcessNotifyRoutine
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
ZwDeviceIoControlFile
MmGetSystemRoutineAddress
KeInitializeEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 434B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ