151ebfcca71f335e2d53c93abe573cc8_JaffaCakes118

General

Target

151ebfcca71f335e2d53c93abe573cc8_JaffaCakes118
Size

17KB
MD5

151ebfcca71f335e2d53c93abe573cc8
SHA1

95b4afab070cda5273a8b24f695de9f86f32703c
SHA256

ec53c9fe7fda9c607f78e4f25ae8eff8cc2e18a13ec175af3612739b66d29b03
SHA512

24171f3e2315bae5b4a5157f3028948b0418b01eecaa0be7562f011133e0159a64170475835fdceb4733b0e3d0f5de03ae678b29d4dda7cc4a64fce7f6bba986
SSDEEP

384:B4uBVbwYN89i7nyTa/006WKGI+kLxbngEdXl8VfyP+25Pw8AO:BPBVbJN89enyTa/hfKP+SbngEdgfA+2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
151ebfcca71f335e2d53c93abe573cc8_JaffaCakes118

Files

151ebfcca71f335e2d53c93abe573cc8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

35302ef0e9fcc5d8f5eef38235efc1bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsncmp
towlower
isxdigit
isupper
isdigit
strstr
isspace
tolower
srand
toupper
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
atol
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
strchr
PsGetVersion
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strncmp
strncpy
wcsstr
ZwQueryValueKey
_except_handler3
islower
IoRegisterDriverReinitialization
ZwDeleteValueKey
strrchr
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
isprint

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35302ef0e9fcc5d8f5eef38235efc1bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB