070171e2a0c0b542cf33ef7eff113bae_JaffaCakes118

General

Target

070171e2a0c0b542cf33ef7eff113bae_JaffaCakes118
Size

24KB
MD5

070171e2a0c0b542cf33ef7eff113bae
SHA1

8a77aac425257dc3c46487e3a05167c7cd619ca9
SHA256

25c6a2e6b70cc4775386746131ca3952761455043f33d06703928075c64fcbd1
SHA512

c58c3d4558930d13acabdd4987610b0c3cfb17784dee997a0e0e48419f7df54647b6cef8f44b735f6564635ef95e35177e7baf85d39b006eedf5521426bc7954
SSDEEP

384:RPRbWGAzKfqP4VzZxPXjURL4Jmu7iCqnfNuaFyu3GTK7Or1SF+M0:RPlsGSP4VLQJHu23fNbFydTzSF+M0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070171e2a0c0b542cf33ef7eff113bae_JaffaCakes118

Files

070171e2a0c0b542cf33ef7eff113bae_JaffaCakes118
.sys windows:4 windows x86 arch:x86

99c8371e599e67c2908d28badd20c2b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
CcFastMdlReadWait
ExAllocatePool
RtlAnsiStringToUnicodeString
KdDebuggerEnabled
ExFreePool
MmUnmapVideoDisplay
RtlImageNtHeader
FsRtlUninitializeFileLock
RtlUnicodeStringToAnsiString
ExAcquireFastMutexUnsafe
wcslen
ObfReferenceObject
ZwQueryDirectoryObject
RtlRealPredecessor
RtlGetFirstRange
ZwDisplayString
ZwCreateSymbolicLinkObject
KeQuerySystemTime
IoSetDeviceToVerify
strcmp
PsSetLoadImageNotifyRoutine
NlsLeadByteInfo
ZwQueryInformationProcess
FsRtlGetNextFileLock
memset
KeInsertQueueDpc
_except_handler2
ZwLoadKey
RtlUpperChar
NtCreateSection
strcpy
IoUnregisterShutdownNotification
KeSetKernelStackSwapEnable
RtlCompareUnicodeString
RtlInitString
MmFreeNonCachedMemory

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MMM
Size: 512B - Virtual size: 262B

IMAGE_SCN_MEM_READ

.GGG
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LLL
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99c8371e599e67c2908d28badd20c2b8

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 590B

.MMM Size: 512B - Virtual size: 262B

.GGG Size: 512B - Virtual size: 260B

.LLL Size: 512B - Virtual size: 52B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 590B

.MMM
Size: 512B - Virtual size: 262B

.GGG
Size: 512B - Virtual size: 260B

.LLL
Size: 512B - Virtual size: 52B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 38B