ede7eb0af3b703811345897778b3a780_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ede7eb0af3b703811345897778b3a780_JaffaCakes118
Size

45KB
MD5

ede7eb0af3b703811345897778b3a780
SHA1

a2c5fcc951d573c846f06e38fd45f00331f6b5b1
SHA256

6901aaa607326672891c22efd8c0e7d92a132b6278bbaeb8ce7abef8d3c5057a
SHA512

76d55025df124768bc8702bd579003e1c8712bbc6304c5b845cdb5496cb7032de1bf6dbba9415b8db9970170e2b7e283bd9f4ec7bbf091e2cbc105e11f26d0eb
SSDEEP

768:gBoOnPxFmlLGvuwEMYSjtpQtGs4Y3YQ0vStWmipOCJygX75Nvsx:EoOnzNE3SPQh4YoBkWmiQgykBs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ede7eb0af3b703811345897778b3a780_JaffaCakes118

Files

ede7eb0af3b703811345897778b3a780_JaffaCakes118
.sys windows:5 windows x86 arch:x86

18af42eb2e8534492255e573c3792ff3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
memcpy
ObfDereferenceObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
RtlCompareMemory
IoGetCurrentProcess
strncpy
ZwClose
ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
ZwAllocateVirtualMemory
_snprintf
memset
_stricmp
FsRtlIsNameInExpression
PsLookupThreadByThreadId
IoFreeMdl
IoAllocateMdl
RtlWriteRegistryValue
_snwprintf
RtlCreateRegistryKey
RtlImageNtHeader
_wcsnicmp
RtlEqualUnicodeString
KeServiceDescriptorTable
ZwUnmapViewOfSection
RtlFreeUnicodeString
strstr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
ZwSetInformationFile
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
ZwDeleteKey
MmMapLockedPagesSpecifyCache
MmMapLockedPages
MmProbeAndLockPages
MmUnlockPages
MmUnmapLockedPages
ObReferenceObjectByName
IoDriverObjectType
KeDelayExecutionThread
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwQueryInformationProcess
RtlImageDirectoryEntryToData
RtlRandom
ZwCreateEvent
ExQueueWorkItem
PsSetLoadImageNotifyRoutine
RtlUnicodeStringToAnsiString
ObMakeTemporaryObject
ObfReferenceObject
KeQuerySystemTime
strrchr
ZwCreateFile
strchr

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.333
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18af42eb2e8534492255e573c3792ff3

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 740B

.333 Size: 28KB - Virtual size: 28KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 740B

.333
Size: 28KB - Virtual size: 28KB