0380d6c62d2f8a951d99360feca515a1_JaffaCakes118

General

Target

0380d6c62d2f8a951d99360feca515a1_JaffaCakes118
Size

16KB
MD5

0380d6c62d2f8a951d99360feca515a1
SHA1

da36746652c1259eaa764fbb8019b267cf4b6578
SHA256

ec23fc7b8aca95f884584324557998b0a9e44911fb30dc4b42ea890660312818
SHA512

eb5b38d3af032461d30bd6fa33cffc4005e72d358fe6b7d6bfa192fd8f27b8762eb8b7fb3a674f37a8532862456b0aee5aba24fd28e91d30b40cceab270e8eee
SSDEEP

384:3Nmj+4PiKQsMv11zAtJvssTlfVmktwgmzV:3N9CiKQsMvfGvss1twF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0380d6c62d2f8a951d99360feca515a1_JaffaCakes118

Files

0380d6c62d2f8a951d99360feca515a1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7204255c7075a7602c979a86210247df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
atol
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
isprint
toupper
islower
strchr
tolower
isspace
isdigit
strstr
strrchr
RtlAnsiStringToUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
srand
ExAllocatePoolWithTag
KeInitializeTimer
atoi
IofCompleteRequest
IoRegisterDriverReinitialization
_wcslwr
wcsncpy
PsGetVersion
PsSetCreateProcessNotifyRoutine
isupper
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
isxdigit
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateKey
wcscat
wcscpy

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7204255c7075a7602c979a86210247df

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 760B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 760B