173eba040f82b1bef12708a246ec43cf_JaffaCakes118

General

Target

173eba040f82b1bef12708a246ec43cf_JaffaCakes118
Size

134KB
MD5

173eba040f82b1bef12708a246ec43cf
SHA1

651bfe84ec04fee18896df9bf6ffe7660bb3152f
SHA256

38ef58e85fb01a2d6edd394d6b1df66dbb81cbebf3e9be70c010db6443a45246
SHA512

d9ffabdeb4f4b0b91ed4e8bf244e8e3627f1277c8fa9abc5c7ead5225eb8593e1263717a96ba91050017d88185f07f73a88fdc84cadbc800d4801ef0221946f3
SSDEEP

3072:4LEwebBpUmG5gKGJU8PjgQwwefq4APQ0IUIP2g:jFbBWmG5iWrQt8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
173eba040f82b1bef12708a246ec43cf_JaffaCakes118

Files

173eba040f82b1bef12708a246ec43cf_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6de78f4d7df57ec2789db214e9411b7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
IoCreateDevice
IoDeleteDevice
ZwClose
KeInitializeSpinLock
RtlUnicodeStringToAnsiString
IofCompleteRequest
sprintf
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
strncmp
strstr
KeQuerySystemTime
strncpy
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
tolower
ExAllocatePool
ExFreePool
isupper
KeDelayExecutionThread
ZwQueryValueKey
isdigit
RtlCompareUnicodeString
wcstombs
ZwEnumerateKey
_wcsicmp
ZwOpenKey
MmMapLockedPages
swprintf
PsTerminateSystemThread
KeTickCount
ZwDeleteValueKey
ZwEnumerateValueKey
ZwDeleteFile
ZwDeleteKey
ZwCreateKey
ZwSetValueKey
ZwCreateFile
ZwWriteFile
ExAllocatePoolWithTag
ExFreePoolWithTag
MmIsAddressValid
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
RtlTimeToTimeFields
isspace
strchr
toupper
ZwReadFile
ZwQueryInformationFile
RtlInitAnsiString
ZwQueryDirectoryFile
ZwOpenFile
memcpy
memset
_except_handler3

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6de78f4d7df57ec2789db214e9411b7e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 19KB - Virtual size: 19KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 19KB - Virtual size: 19KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB