08b26b71c61882c7e739f7cbd2af9896_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08b26b71c61882c7e739f7cbd2af9896_JaffaCakes118
Size

15KB
MD5

08b26b71c61882c7e739f7cbd2af9896
SHA1

447e70b765a196c5816ee277d1fe48a4f68d3cb6
SHA256

8b7790b38180f3b61acc714663b60c24046a8aef8541646da5861ecd157ae91f
SHA512

16407757e7d9ee597ee27d8021e798d9ed30abbc701550a386622c55c0f335fe357048251324198c29b76f66c246de49437a590129dfbb50f6ac6cc65a3975cd
SSDEEP

192:cNJnkOpB6J4KLlpfJhVNhsRZYkYauBky4Lz9aihPQX+1XmHWUNWPb/+:+Gq84KLFDNhBnOtLzUmQXo+WUNWD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08b26b71c61882c7e739f7cbd2af9896_JaffaCakes118

Files

08b26b71c61882c7e739f7cbd2af9896_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7ceedf03152b3f452c73ee2263bd01b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ExeBag\SysV2_hideC\objfre\i386\autolive.pdb

Imports

ntoskrnl.exe

ZwCreateFile
ZwSetValueKey
ZwClose
ZwCreateKey
ZwQueryValueKey
KeServiceDescriptorTable
RtlCompareMemory
InterlockedExchange
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
IofCompleteRequest
RtlFreeUnicodeString
swprintf
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
IoCreateSymbolicLink
wcscat
_strlwr
_wcslwr
RtlUnicodeStringToAnsiString
IoCreateDevice
wcsrchr
ZwEnumerateKey
ZwDeleteFile
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
ExFreePool
ZwWriteFile
ZwReadFile
ExAllocatePoolWithTag
wcscpy
ZwDeleteValueKey
strncmp
IoGetCurrentProcess
PsTerminateSystemThread
KeDelayExecutionThread
wcscmp
InterlockedIncrement
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
sprintf
_stricmp
strncpy
PsLookupProcessByProcessId
wcslen
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmIsAddressValid
ZwUnmapViewOfSection
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ceedf03152b3f452c73ee2263bd01b1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 384B - Virtual size: 371B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 824B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 384B - Virtual size: 371B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 824B