0127dc7bc8684c8826f526b0a78f49f8_JaffaCakes118

General

Target

0127dc7bc8684c8826f526b0a78f49f8_JaffaCakes118
Size

30KB
MD5

0127dc7bc8684c8826f526b0a78f49f8
SHA1

f324ac8bd7fc7b4a347d2fd63cbe62ac93c237c9
SHA256

386541b9e1a2eb5c64da0b3b373173906df426225ac2b16efc0df4b6d923d752
SHA512

b0edfd56a97bd70fc313cf14ae0ff27b8ad9a25cd417d538b54fb3460cb574759a87a826dbe19f403e36a3c8119e0460dc3da88a95a1b2c2a248196ae563b77b
SSDEEP

384:Tcn1eJ0l2t++qQ/aEc5AaA3EBUQTEiReqUeiBqE6pZDA86fOozPXaICn0WkRVWx:TcnI0lF+uNnBUE/Relzt6raOomdIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0127dc7bc8684c8826f526b0a78f49f8_JaffaCakes118

Files

0127dc7bc8684c8826f526b0a78f49f8_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7d8714576327e25779f521b39693fbc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUnregisterCallback
ExFreePoolWithTag
ExVerifySuite
ExNotifyCallback
ExInitializeRundownProtection
ExAllocatePool
ExRegisterCallback
RtlDelete
strncat
_strnicmp
ExUuidCreate
VerSetConditionMask
ZwQuerySymbolicLinkObject
_wcsnicmp
wcsncpy
RtlUnicodeStringToAnsiString
ZwDeleteValueKey
RtlCompareString
RtlDeleteNoSplay
ZwSetInformationFile
ZwMakeTemporaryObject
wcsstr
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
RtlFreeAnsiString
IoAttachDevice
ZwDeviceIoControlFile
RtlCopyUnicodeString
RtlUnicodeStringToInteger
ObReleaseObjectSecurity
ZwOpenSection
ObReferenceObjectByPointer
ZwOpenKey
memset

Exports

Exports

_BlockConn@8
_InitConn@4

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d8714576327e25779f521b39693fbc3

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 460B

.data Size: 512B - Virtual size: 128B

const Size: 512B - Virtual size: 512B

INIT Size: 1024B - Virtual size: 982B

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 352B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 460B

.data
Size: 512B - Virtual size: 128B

const
Size: 512B - Virtual size: 512B

INIT
Size: 1024B - Virtual size: 982B

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 352B