0c9cf094617647534731ab875dce4858_JaffaCakes118

General

Target

0c9cf094617647534731ab875dce4858_JaffaCakes118
Size

40KB
MD5

0c9cf094617647534731ab875dce4858
SHA1

ba6383a1e31c472747bc1294c344493297b64c4d
SHA256

952694aaa1de1df787ea6b26cbb218bcee61b0112c5adadcf0411993bb33955d
SHA512

1c1bbdb262aa3664ce7a7ca808e0026c0b1a63fe5c0eb2b519cd306d4f1f45d38b89ab120709eaaa15c95dc6ff2ee3218e7a1c3eb186e5e43da1e727a61b56a9
SSDEEP

768:roQe3N+Dp8Kv+yhXjFwPMDy1FDfUVtokqhfHQUZOQ2KXXu1mFtI/Sa5YmtzQoi/3:UQM4DWKvfhXOP4SRBOQ2KHexaWYmtzG3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c9cf094617647534731ab875dce4858_JaffaCakes118

Files

0c9cf094617647534731ab875dce4858_JaffaCakes118
.sys windows:4 windows x86 arch:x86

79babc7cff82e7db0be3081b6a4cb187

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
wcsstr
_wcslwr
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
wcslen
wcscat
wcscpy
_wcsicmp
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwDeleteKey
ZwSetInformationFile
wcsncpy
wcsrchr
ZwSetValueKey
ObReferenceObjectByHandle
ZwCreateKey
ObfDereferenceObject
MmIsAddressValid
KeDelayExecutionThread
KeQuerySystemTime
ExFreePool
_snprintf
ExAllocatePoolWithTag
PsCreateSystemThread
_snwprintf
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_stricmp
_wcsnicmp
IoDeviceObjectType
strncpy
IoGetCurrentProcess
IofCompleteRequest
PsGetVersion
strncmp
RtlCompareUnicodeString
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 62B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79babc7cff82e7db0be3081b6a4cb187

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 62B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 62B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB