15eea205b8bb794b642a198a41d75b30_JaffaCakes118

General

Target

15eea205b8bb794b642a198a41d75b30_JaffaCakes118
Size

40KB
MD5

15eea205b8bb794b642a198a41d75b30
SHA1

b976eb5b3ec19b6bdcbaa8c51c2f71944941b584
SHA256

1a383bbc5c11beee06914371128138dd59bb1e78a0f8d49ab046a74b8ebbf26b
SHA512

2d528e345a4e96f0ae269efdabe62fbc0e9f42933f0900950625bbcd8281a12f4a00d50cd013412a71ffa60aeca49f7bc18d6c209ac57338d4f208369884765c
SSDEEP

768:2NXGL510mOpum09qhNYz3iLRaU7StiGJN40LhvJf2h0Yp/r73HfBh7L8SDh+L:k+OYchNYz3i9x+tiGJJFhf3Yp/rbfTXE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15eea205b8bb794b642a198a41d75b30_JaffaCakes118

Files

15eea205b8bb794b642a198a41d75b30_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e35b86bdf40712f02de5ce3519bce83d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
swprintf
ObReferenceObjectByHandle
ZwClose
PsCreateSystemThread
ZwDeleteKey
_wcsnicmp
wcslen
ZwOpenKey
RtlInitUnicodeString
ObfDereferenceObject
wcsncpy
wcsrchr
KeDelayExecutionThread
KeQuerySystemTime
ZwQueryValueKey
RtlAnsiStringToUnicodeString
ZwSetInformationFile
ZwCreateFile
wcscpy
strncpy
PsLookupProcessByProcessId
_stricmp
_wcsicmp
strncmp
IoGetCurrentProcess
wcscat
_except_handler3
MmGetSystemRoutineAddress
PsGetVersion
_snwprintf
ExAllocatePoolWithTag
IoDeviceObjectType
ExFreePool
_snprintf
ZwSetValueKey
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
wcsstr
_wcslwr
KeTickCount
KeQueryTimeIncrement
IoRegisterDriverReinitialization
RtlCopyUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateKey
RtlCompareUnicodeString
wcschr

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 92B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e35b86bdf40712f02de5ce3519bce83d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 92B

PAGEWMI Size: 32B - Virtual size: 5B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 92B

PAGEWMI
Size: 32B - Virtual size: 5B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB