411ea9994ee1fb51a4834e9d7c9640ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411ea9994ee1fb51a4834e9d7c9640ce_JaffaCakes118
Size

10KB
MD5

411ea9994ee1fb51a4834e9d7c9640ce
SHA1

5b7eda630bc316b1dbf7a34d36f9c441b55a3521
SHA256

09c10d92bc709036a5e0e44b70f03b3e4c32a5528d25861aaa542a6dc9478125
SHA512

d3dc4c0a792782b9ca47e79e64accf3b422a361a0e4524b2d311b1847a584b4e9c9b722a921ed9c57890a067ece3693f5c7fc91483e02de480643f8f5de1ed27
SSDEEP

96:Oj6UoRyAm3xIXnr0P5QdPqu7sBi92a7gQxQHilRxn1Fscy+099Ey/PzyBNazWMtz:OxN6AbWSjcyR9H+NazWmTWPgIqt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
411ea9994ee1fb51a4834e9d7c9640ce_JaffaCakes118

Files

411ea9994ee1fb51a4834e9d7c9640ce_JaffaCakes118
.sys windows:5 windows x86 arch:x86

35308d9226d93549981f27b8f9ffb77a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
wcslen
KeServiceDescriptorTable
ObReferenceObjectByHandle
ExGetPreviousMode
ObfDereferenceObject
wcscat
wcsncat
_wcsnicmp
RtlInitAnsiString
ObQueryNameString
wcscpy
ExFreePool
ExAllocatePoolWithTag
_except_handler3
wcsstr
_wcslwr
ZwDeleteValueKey
ZwDeleteKey
ZwSetValueKey
ZwClose
IoGetRelatedDeviceObject
ZwCreateFile
RtlAnsiStringToUnicodeString
wcsncpy
RtlFreeUnicodeString

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 832B - Virtual size: 830B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ