01a1c3903fe5e18edc9242fb2b9ad416_JaffaCakes118

General

Target

01a1c3903fe5e18edc9242fb2b9ad416_JaffaCakes118
Size

19KB
MD5

01a1c3903fe5e18edc9242fb2b9ad416
SHA1

2ecf8abbeeae7537cf2bb9b6322a1965bf02a576
SHA256

2f8fd7f0525025e661eaaf2196f5c2de71dabcb20940ed397090d3fef71af333
SHA512

21e4f7b360d165219576687b0fce89b4422bc165bb93c43e72e4dfc8407f312d6dd9e600212a9308249c44b1e4b2f62574d0acd3593b15481e11f609b9ab0ada
SSDEEP

384:UtfDgPmnT/qEGbB/lfVCLn4+B1CP2wTwJ9QM/qvpMFIthoomVo:UqP4T/pGbB/lfkLn3BC7wJ9dFIDo5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01a1c3903fe5e18edc9242fb2b9ad416_JaffaCakes118

Files

01a1c3903fe5e18edc9242fb2b9ad416_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6ca8c3e1b50dc863114c6e69f06e9f3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
_wcslwr
wcsncpy
PsGetVersion
isupper
strchr
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcslen
wcscat
wcscpy
atoi
atol
tolower
strrchr
MmIsAddressValid
toupper
isxdigit
islower
srand
isspace
ZwUnmapViewOfSection
strstr
isdigit
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isprint
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
RtlAnsiStringToUnicodeString

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ca8c3e1b50dc863114c6e69f06e9f3f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 928B - Virtual size: 912B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 928B - Virtual size: 912B