1858802f0e90fb64553fce8981d5b4f4_JaffaCakes118

General

Target

1858802f0e90fb64553fce8981d5b4f4_JaffaCakes118
Size

14KB
MD5

1858802f0e90fb64553fce8981d5b4f4
SHA1

151ef709b4aa0cbe1831434e089067934fe64e7c
SHA256

1d84741570873c955ee12dae080724ef0ec8ca56a61569b93b91a875b20238e5
SHA512

5ca873e19cd716093703d346a3c86e3ac0b6789d8b6201b2254c67bf6717b9f5a8effa96b8b5b6629da558187e379cdcc31a8bbf65a21955521f6650719abc85
SSDEEP

384:G6yWSPRbqYJQ79vnqPyuOiJ0aq3G0xwl6W64S:G6y/PRbqYJUNviJ0aqW0W64S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1858802f0e90fb64553fce8981d5b4f4_JaffaCakes118

Files

1858802f0e90fb64553fce8981d5b4f4_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e70c10d616cf4fc4fe54acf9d181a9bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Backup\我的文档\VISUAL~1\Projects\173ft\173ft\objchk\i386\173ft.pdb

Imports

ntoskrnl.exe

KeDelayExecutionThread
IoDeleteSymbolicLink
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3
IofCompleteRequest
wcsstr
PsTerminateSystemThread
KeWaitForSingleObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
ObfDereferenceObject
KeSetEvent
IoFreeMdl
ExFreePoolWithTag
ExAllocatePoolWithTag
MmBuildMdlForNonPagedPool
IoAllocateMdl
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwOpenFile
PsGetVersion
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetSystemInformation
ZwLoadDriver
ZwOpenProcess
KeServiceDescriptorTable
ZwQueryDirectoryFile
MmUnmapLockedPages
MmMapLockedPages
ZwQuerySystemInformation
ZwReadFile
ZwSetInformationFile
MmIsAddressValid
MmGetSystemRoutineAddress
wcsncmp
ZwQueryObject
ZwDuplicateObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 591B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e70c10d616cf4fc4fe54acf9d181a9bb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 640B - Virtual size: 591B

.data Size: 256B - Virtual size: 168B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 640B - Virtual size: 591B

.data
Size: 256B - Virtual size: 168B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB