f498ee217a86890503e321c6cf3487cc_JaffaCakes118

General

Target

f498ee217a86890503e321c6cf3487cc_JaffaCakes118
Size

39KB
MD5

f498ee217a86890503e321c6cf3487cc
SHA1

11873133e162c4c5c9df1d69319da52946a084fd
SHA256

e0e5a3ae57a36076fd7773263ff9bd83dfb0c9dcf4a98d475b86f0d5b2e80b8f
SHA512

17a9815fe9c5fc76ee88e6f49a636011523524e2a75825acdb0f1ed943a910239fc366c79b452566660d51038ebcdd9e731a516cc50186649aea0fc699a7658b
SSDEEP

768:tpLs/wPt1+sxsoe2Mmn3JZQBnuKva8auebt1av7ZPhlu7ZWKz2SZYLEuyZnZOZn+:bR1+s9Me3JZJ8jAt1av7Zu82YDc+bQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f498ee217a86890503e321c6cf3487cc_JaffaCakes118

Files

f498ee217a86890503e321c6cf3487cc_JaffaCakes118
.sys windows:4 windows x86 arch:x86

cdce29fc6026504e8bc9735ec04aa533

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
RtlInitUnicodeString
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
swprintf
_wcsicmp
wcsncpy
wcslen
wcsrchr
ZwDeleteKey
ZwOpenKey
ZwSetValueKey
ZwCreateKey
_snwprintf
wcschr
RtlCompareUnicodeString
MmIsAddressValid
ObReferenceObjectByHandle
ZwQueryValueKey
wcsstr
_wcslwr
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
PsCreateSystemThread
MmGetSystemRoutineAddress
_snprintf
strncpy
PsLookupProcessByProcessId
_stricmp
RtlAnsiStringToUnicodeString
_except_handler3
_wcsnicmp
PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
ZwSetInformationFile
ZwCreateFile
wcscpy
KeTickCount
KeQueryTimeIncrement
wcscat
KeQuerySystemTime
RtlCopyUnicodeString
IoRegisterDriverReinitialization
IofCompleteRequest
KeDelayExecutionThread
IoDeviceObjectType

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdce29fc6026504e8bc9735ec04aa533

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 85B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 85B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB