0be5d11b3e6423b829b0e26f784c6335_JaffaCakes118

General

Target

0be5d11b3e6423b829b0e26f784c6335_JaffaCakes118
Size

19KB
MD5

0be5d11b3e6423b829b0e26f784c6335
SHA1

92836299cd19cf064bf2a1eef892dfdaa6e1d29d
SHA256

e539824cdf18871458216896b910250698b67ec2006c81c592e3b10c58c10bde
SHA512

bc4ead309fd6a534a71131be786e94d7761fea7e4c0065c65c9f64819c67be86f05f4d4eee33c21f89b1dbc54c4c12c4053d28c69e07e07a8852a976153b5c48
SSDEEP

384:vyx2J8xLq9sgL56DP/i1rCQqc6BS7INUaySQk9PO7L0erzfMZ:vs2J8lG5L56bq9CQqc6BS1uHc77S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be5d11b3e6423b829b0e26f784c6335_JaffaCakes118

Files

0be5d11b3e6423b829b0e26f784c6335_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeRundownProtection
ZwQueryInformationProcess
RtlFindLongestRunClear
PsRestoreImpersonation
memcpy
CcPinMappedData
FsRtlInitializeMcb
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoReportResourceForDetection
CcGetDirtyPages
FsRtlNotifyFilterChangeDirectory
ExFreePoolWithTag
KeInsertQueueDpc
MmIsAddressValid
FsRtlIsNtstatusExpected
NtDuplicateObject
RtlInt64ToUnicodeString
NtAllocateUuids
DbgPrint
READ_REGISTER_BUFFER_ULONG
ZwCreateFile
RtlReserveChunk
FsRtlLookupLastLargeMcbEntry
ZwDisplayString
CcPinRead
KeStackAttachProcess
RtlImageNtHeader
IoWritePartitionTableEx
KdDebuggerEnabled
ExAllocatePool
strcmp

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 879B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 879B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 78B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 879B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 78B