08e311ec0813a4b08c3d425ae6d45fc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08e311ec0813a4b08c3d425ae6d45fc1_JaffaCakes118
Size

31KB
MD5

08e311ec0813a4b08c3d425ae6d45fc1
SHA1

b3ede7725f0df61d098f015cd1facfe1f02bfa4e
SHA256

22e8ad4f18599022fb2e2ae72538871bcb61c120ec5193394cbf75adbc56eff1
SHA512

d2d55e50729db94b1f2a41e1d8ad2690623712e5edd71c17d463e6ae9e56b59e2b14c4154785556b96c915dae09b6d74b36e21e9dc2b85be7e40d7bd0ee5a309
SSDEEP

768:98q/xUR5/9n/RElSjpLTHxfPy5scvCCRwY:98qWX/9/OlMpLFfqCcvCC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08e311ec0813a4b08c3d425ae6d45fc1_JaffaCakes118

Files

08e311ec0813a4b08c3d425ae6d45fc1_JaffaCakes118
.sys windows:6 windows x86 arch:x86

5c90e073fed085eb5a68486e5438a431

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\0soft\loader\runtime3\objfre_wxp_x86\i386\runtime3.pdb

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
strcmp
PsLookupProcessByProcessId
wcsncpy
memset
ZwQueryValueKey
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IofCompleteRequest
RtlAppendUnicodeStringToString
RtlUnicodeToMultiByteN
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 725B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c90e073fed085eb5a68486e5438a431

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 384B

.data Size: 768B - Virtual size: 725B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 896B - Virtual size: 876B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 384B

.data
Size: 768B - Virtual size: 725B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 896B - Virtual size: 876B