16393e334c0aa03c3ab6b430cca16a99_JaffaCakes118

General

Target

16393e334c0aa03c3ab6b430cca16a99_JaffaCakes118
Size

39KB
MD5

16393e334c0aa03c3ab6b430cca16a99
SHA1

a368c24593a298f2148c1d62ab6951cc03e2e70c
SHA256

db5f254343480bdb21f83ad7e38a27b9714894479d02f425c3d5f58a71945d84
SHA512

af4d248979740c8a36108e9840c5f76f5882b92c6184f43403d900da415619eb90b88f5368f0146334a88b0f750f4c0178082474e2496253ba26bc149a0c4e75
SSDEEP

768:VbAZo7v2AAUQ424YirtupzQmiRTXqa9iGb3xANM4NHFdPrCH2NigiiH:Bwo7qUjYi5UiRT1b3xANM4NHvW24giC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16393e334c0aa03c3ab6b430cca16a99_JaffaCakes118

Files

16393e334c0aa03c3ab6b430cca16a99_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1069d09ecccb21eebf0bfd611aee2b53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
swprintf
ObReferenceObjectByHandle
ZwSetValueKey
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
ObfDereferenceObject
MmIsAddressValid
wcsncpy
wcsrchr
ZwCreateKey
IofCompleteRequest
RtlCompareUnicodeString
MmGetSystemRoutineAddress
strncpy
IoGetCurrentProcess
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
ExFreePool
ExAllocatePoolWithTag
ZwSetInformationFile
ZwCreateFile
wcscpy
PsLookupProcessByProcessId
_stricmp
IoRegisterDriverReinitialization
PsGetVersion
_wcsicmp
ZwDeleteKey
wcscat
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
KeTickCount
KeQueryTimeIncrement
_snwprintf
wcschr
IoDeviceObjectType
_snprintf
RtlAnsiStringToUnicodeString
wcsstr
_wcslwr
strncmp
RtlCopyUnicodeString

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 83B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1069d09ecccb21eebf0bfd611aee2b53

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 83B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 83B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB