0dd5e63a55d987d43fa20f2142cba3fc_JaffaCakes118

General

Target

0dd5e63a55d987d43fa20f2142cba3fc_JaffaCakes118
Size

36KB
MD5

0dd5e63a55d987d43fa20f2142cba3fc
SHA1

834805b5112d4d27ad7dd7b08bf669883473645c
SHA256

0b959e47b99576f307d9dc1ffbe897fff621faed0b31bab66051ba6f3a89f630
SHA512

763a15dd3b4627ac69684ab7ea6f5e5b1abfdb3f0ced38d8b42aa360fae0122a237c71f21d5cd7022714162f372aa60911559090c04e59cfc34ae635b24d7a6a
SSDEEP

768:UJd2OFQK33HqTloGKx+gqq2vjRSXT2EztjJHxzv2X4c9YRBdmNrYRX5o71L1:sFFQgOZKlqq2vjRSXT2EJjJRzvzcSVIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dd5e63a55d987d43fa20f2142cba3fc_JaffaCakes118

Files

0dd5e63a55d987d43fa20f2142cba3fc_JaffaCakes118
.sys windows:4 windows x86 arch:x86

8f7100994663c1d1ae6300838abf1cb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
strstr
islower
strrchr
isdigit
srand
isxdigit
atol
tolower
atoi
toupper
isspace
strchr
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isprint
PsGetVersion
isupper
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateFile
IoRegisterDriverReinitialization
_wcslwr
wcsncpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f7100994663c1d1ae6300838abf1cb6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB