Static task
static1
General
Target: 57304af1c292d7e407d1271f253095e0_JaffaCakes118
Size: 8KB
MD5: 57304af1c292d7e407d1271f253095e0
SHA1: 3f6b9bc682a0a90f4eb05e2dea6d9b2920a18b04
SHA256: 12dc4c415f1dd2c0412e1c1b4d25518ae3bf96afc1f6808d89d50597e72bf1a7
SHA512: 5d20b4580d98dfac835439236a3f17dbb88a67830c48fd284cfc1ff81e048fb933db7d9fe530800d4a22c419935b1b70f39ddf20252d7a1bc989a97c9085206f
SSDEEP: 192:uG16ZiUmRCBMfL5Juu2iINSUZCZCZyrEJWztAwmAM0WApx6QeS+3H:ui9AKDu88PJWztcAM0n3eSIH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 57304af1c292d7e407d1271f253095e0_JaffaCakes118
Files
57304af1c292d7e407d1271f253095e0_JaffaCakes118.sys windows:4 windows x86 arch:x86
33f8fa1912837a79f199607d7d51299c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
KeClearEvent
IoCreateNotificationEvent
RtlInitUnicodeString
strstr
_strupr
ExFreePool
PsLookupProcessByProcessId
ZwQueryInformationProcess
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcschr
strncmp
IoGetCurrentProcess
ZwQuerySystemInformation
_wcsupr
wcsstr
ZwCreateFile
KeSetEvent
ZwDeviceIoControlFile
ZwEnumerateValueKey
ZwOpenFile
strchr
PsSetCreateProcessNotifyRoutine
IoCreateDevice
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 832B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 746B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ