17d90403005427a8a846c0e1d01e75a4_JaffaCakes118

General

Target

17d90403005427a8a846c0e1d01e75a4_JaffaCakes118
Size

47KB
MD5

17d90403005427a8a846c0e1d01e75a4
SHA1

0934da7209542f7a1a96ebb601c09b05b9babd53
SHA256

eee2462fb5e2f9b3a40f4cc04132e6c21f6aadd4ae027fb79ac9fc705ee307f0
SHA512

984ae315277bd8121a10e9de276cfaeb61124b025d940257fa3a7df83781fc0c56700e1d912b0a0d780f89acb10d5d348f5778524a87ced7a29424c266838de0
SSDEEP

768:VSwPLbhFUUKrNan1qj2bsB8lo+v8sh4exirCGaxmGGPdG6LL+gPm0Oy+lJ5YLcly:1lbx0Uptvy+hUh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d90403005427a8a846c0e1d01e75a4_JaffaCakes118

Files

17d90403005427a8a846c0e1d01e75a4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6b0cf233922f46bf4b1d6cc059dd788f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
swprintf
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
RtlAnsiStringToUnicodeString
ZwCreateKey
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
PsGetVersion
_wcslwr
wcsncpy
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
MmGetSystemRoutineAddress

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 111B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b0cf233922f46bf4b1d6cc059dd788f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 4KB

PAGE Size: 128B - Virtual size: 111B

INIT Size: 832B - Virtual size: 804B

.rsrc Size: 928B - Virtual size: 912B

.reloc Size: 736B - Virtual size: 730B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 4KB

PAGE
Size: 128B - Virtual size: 111B

INIT
Size: 832B - Virtual size: 804B

.rsrc
Size: 928B - Virtual size: 912B

.reloc
Size: 736B - Virtual size: 730B