f22d5cfe5cc3e50697c554d136701676_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f22d5cfe5cc3e50697c554d136701676_JaffaCakes118
Size

28KB
MD5

f22d5cfe5cc3e50697c554d136701676
SHA1

50bb0596c132a9a7c4ef750e18ee4702c8abf0ea
SHA256

9609ccf6915cf463bba23cc0c95b290dc28edc924f0d6ced98665aa1c87e62e3
SHA512

de81c2f0180abce86c6fc8d45a24fe97b9f12d3a283792a04d9d13e28c1015c44928a614e412d803f7a9a83132736b163ec7befd7c7a19b519c99d01e20296c6
SSDEEP

384:RJENKi1Pep+Wo3fY8ORvLAOD+yp1HARy1MwYJFcONn2PbrcqsQ4mmTJO:RJbi1P0+WoPYvRvtXHARsZeZMPbrMI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f22d5cfe5cc3e50697c554d136701676_JaffaCakes118

Files

f22d5cfe5cc3e50697c554d136701676_JaffaCakes118
.sys windows:6 windows x86 arch:x86

b27824d0e5d6e96737813ca22735fe8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\0soft\loader\runtime3\objfre_wxp_x86\i386\runtime3.pdb

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
strcmp
PsLookupProcessByProcessId
wcsncpy
memset
ZwQueryValueKey
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IofCompleteRequest
RtlAppendUnicodeStringToString
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 725B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b27824d0e5d6e96737813ca22735fe8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 318B

.data Size: 768B - Virtual size: 725B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 896B - Virtual size: 782B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 318B

.data
Size: 768B - Virtual size: 725B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 896B - Virtual size: 782B