01013c514bbdc1a41a02cca103e8d884_JaffaCakes118

General

Target

01013c514bbdc1a41a02cca103e8d884_JaffaCakes118
Size

34KB
MD5

01013c514bbdc1a41a02cca103e8d884
SHA1

77af7adf6dcf23a0a709a0774a8db8c7531efc66
SHA256

67d33f71a1a98efa7d1323b0b29979044071e7f638c41f88f64cf1cb1439b30c
SHA512

cd155f3c2841218283d894168457442660c618a1c265eed058371874fe051f3822ef7662c5275f3cd9bee0ff6eb44e7c0c553caae50fc9da65578eca154cec59
SSDEEP

768:UcZ+OjLDClCwXuIC4w2HYDYmg1KN8u0oRr1mXGUdhfQuLiyJLs0NnruE5CFdRrCu:pZ+qLDSNuBp2HYDYZ1KN8bir1mXl7fQe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01013c514bbdc1a41a02cca103e8d884_JaffaCakes118

Files

01013c514bbdc1a41a02cca103e8d884_JaffaCakes118
.sys windows:4 windows x86 arch:x86

5a7acc357ffdbc34585de2c89d4dfde3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

islower
ZwClose
swprintf
isxdigit
atol
isupper
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
toupper
strchr
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
_wcslwr
wcsncpy
PsGetVersion
strrchr
atoi
tolower
strstr
isprint
MmIsAddressValid
isdigit
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
srand
IoCreateDevice
isspace
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwUnmapViewOfSection

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a7acc357ffdbc34585de2c89d4dfde3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB