08498be1a365b9b0c46c8c02b3c0bc3d_JaffaCakes118

General

Target

08498be1a365b9b0c46c8c02b3c0bc3d_JaffaCakes118
Size

16KB
MD5

08498be1a365b9b0c46c8c02b3c0bc3d
SHA1

db1c7346d74edf2d301f40dfcf31ac8deee3eccb
SHA256

35a32965610954e25c93812463f4357103f8c565804d2c0e5a300716e732702d
SHA512

5a84d920a9544fd9af75975443f0b2cd78c03e1e5ae1ed4d5ab3c81ab2fd2a3335c2ac391e2eeda10e69661e1ae29b78c398d3d51457fdca4de45b9f2a9d7a53
SSDEEP

384:fwhUSO7SrH4qaNzfC3Vl5SaMjO9Q1t8xa8/lmzo4TUDeiQqkaMmO:fWPO79FNzaMaMjYQ1t8xa89mzo4TUCJ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08498be1a365b9b0c46c8c02b3c0bc3d_JaffaCakes118

Files

08498be1a365b9b0c46c8c02b3c0bc3d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c28e8067ebd4d45eb1bc30219ba1f113

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
isprint
KeDelayExecutionThread
_strnicmp
ZwQueryValueKey
_except_handler3
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
isxdigit
KeServiceDescriptorTable
ZwSetValueKey
toupper
strrchr
isupper
PsGetVersion
strchr
wcsstr
tolower
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
atol
wcsncmp
towlower
srand
atoi
isspace
ZwDeleteValueKey
strstr
strncmp
strncpy
IofCompleteRequest

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c28e8067ebd4d45eb1bc30219ba1f113

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB