1003945f9d8380c09148758e53601903_JaffaCakes118

General

Target

1003945f9d8380c09148758e53601903_JaffaCakes118
Size

37KB
MD5

1003945f9d8380c09148758e53601903
SHA1

fc76828ac56fabed569e87785eab1621e860b9f4
SHA256

20ef9fe1001a1daaa1e71ac632518aa64d355d932408f28c978adc3a7837ee72
SHA512

358be1658bf0f441e256a294c9af2ed98df90f25ae81a35c89fdaa0fa9ce46b746058304b0dc7b408592dfeb0a1a7e8089967c3e2b8249193785ace0afa503a8
SSDEEP

768:IAt50byVd/qaTrlPJl+vh8jdhanYhwPoHWRskbIG0xpl9V+q4szPTbT7cxZrxT:IA02qavlfhancSRsyotVD4szTbT7cH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1003945f9d8380c09148758e53601903_JaffaCakes118

Files

1003945f9d8380c09148758e53601903_JaffaCakes118
.sys windows:4 windows x86 arch:x86

52c36745e4a1a1abbde8d86a5f89757a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
ObReferenceObjectByHandle
strncpy
IoGetCurrentProcess
wcslen
swprintf
wcscat
wcscpy
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
_wcsnicmp
ObfDereferenceObject
strncmp
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
ZwClose
ZwOpenKey
RtlCompareUnicodeString
MmIsAddressValid
wcsncpy
wcsrchr
RtlCopyUnicodeString
ZwQueryValueKey
wcsstr
_wcslwr
KeQuerySystemTime
_wcsicmp
MmGetSystemRoutineAddress
_except_handler3
ZwSetInformationFile
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
_stricmp
_snwprintf
ZwDeleteKey
ZwCreateKey
PsCreateSystemThread
_snprintf
IoDeviceObjectType
IoRegisterDriverReinitialization
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
wcschr
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 71B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52c36745e4a1a1abbde8d86a5f89757a

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 71B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 71B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB