188708061e54e5630752afadc176af2e_JaffaCakes118

General

Target

188708061e54e5630752afadc176af2e_JaffaCakes118
Size

76KB
MD5

188708061e54e5630752afadc176af2e
SHA1

d0da5d57b0fd04ae1e22cd70615b62b52fd8308a
SHA256

1a6d335e8d58cb6f5ed73e99be30bb785dc609ce307801bafe18036cead3f00d
SHA512

439f9241f0d6de0c395b27ff48cf3200aa87b3e602ed5a42885fd9f772643490e5b45500e105c862595b679a42330f3a51244d5b78f9ef4d422167557e5e40be
SSDEEP

1536:RBPU+6JI1g/AVV1VdIJN3EtuHWGqGUl/CDUdAXhQZOGC:RJKI1gctIJ9AuHwGiUUdYFGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
188708061e54e5630752afadc176af2e_JaffaCakes118

Files

188708061e54e5630752afadc176af2e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

33c3e597573c535417a9c06bbe383609

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
RtlCompareUnicodeString
RtlInitUnicodeString
ObQueryNameString
ObReferenceObjectByHandle
memset
KeReleaseMutex
memmove
memcpy
KeWaitForSingleObject
_strnicmp
strlen
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
strncat
strcat
strncmp
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strcpy
ExFreePool
ExAllocatePoolWithTag
sprintf
strncpy
_strrev
strstr
_strupr
_snprintf
_stricmp
IoGetCurrentProcess
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwDeviceIoControlFile
ZwEnumerateKey
InterlockedExchange
ZwEnumerateValueKey
IofCompleteRequest
IoCancelIrp
IoUnregisterShutdownNotification
IoDeleteDevice
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
KeInitializeMutex
IoCreateSymbolicLink
IoCreateDevice
RtlUnwind
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33c3e597573c535417a9c06bbe383609

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

INIT Size: 55KB - Virtual size: 55KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 55KB - Virtual size: 55KB

.reloc
Size: 2KB - Virtual size: 2KB