003c7f292d14f439728d5828d8952a43_JaffaCakes118

General

Target

003c7f292d14f439728d5828d8952a43_JaffaCakes118
Size

12KB
MD5

003c7f292d14f439728d5828d8952a43
SHA1

27cd1efdf59f78400c4dc247d3c78f3c2df6e0ad
SHA256

c365cf6223c6fe7e426422fb07b1957fea61cec78c62d7fa277846143fef4aa0
SHA512

da821b0ab2e785861274cf650d66c77e7a6f934a4d83987a7b324815e3105d294fbb5210a89b075c66e72e9101ea1c7402b00319c3f3b33b72a05afaf4a01b64
SSDEEP

192:5AvJ/0ujyE3JLK/VoW3F4+YBWZ8NWZx21:UJ/WOJLKWW3iBWZ8NWz2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003c7f292d14f439728d5828d8952a43_JaffaCakes118

Files

003c7f292d14f439728d5828d8952a43_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e493ae827540bb9fecfa072c44805a22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

ZwCreateFile
ZwClose
ZwQueryValueKey
ZwSetValueKey
ZwCreateKey
KeServiceDescriptorTable
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlCompareMemory
IofCompleteRequest
IoRegisterDriverReinitialization
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
swprintf
IoCreateSymbolicLink
IoCreateDevice
wcscat
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
ZwEnumerateKey
ZwOpenKey
IoGetCurrentProcess
PsTerminateSystemThread
ExFreePoolWithTag
RtlFreeUnicodeString
RtlInitAnsiString
KeDelayExecutionThread
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
PsCreateSystemThread
sprintf
ExAllocatePoolWithTag
_stricmp
strncpy
PsLookupProcessByProcessId
_except_handler3

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e493ae827540bb9fecfa072c44805a22

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 291B

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 384B - Virtual size: 384B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 291B

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 384B