1c47cf49f2e5830addfdb3523b7836d3_JaffaCakes118

General

Target

1c47cf49f2e5830addfdb3523b7836d3_JaffaCakes118
Size

14KB
MD5

1c47cf49f2e5830addfdb3523b7836d3
SHA1

fff31fff4f479f26dd00e311ca4c3dc3db57697a
SHA256

05ed443ef52ef4ec8a7a83f5105ffd90d2ffde33e428bc6495c7abd373c8ad03
SHA512

b7fc2e7b2a55b086ca00bcf350b3acffc59556030a54e5457ca9a98b6ce18c293e7b30323bf476f5a23ac64bf88a26ebcdea308efd28acaf745c40de8d0b09fe
SSDEEP

384:S7V8bvcbTtIBVx5TZ/u/GNOHmXizNnlhY:EMvITtcj5TpfOHmXixlh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c47cf49f2e5830addfdb3523b7836d3_JaffaCakes118

Files

1c47cf49f2e5830addfdb3523b7836d3_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3b3be06654c8cd258dba5cfc7f9db166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
atol
srand
ZwCreateFile
IoRegisterDriverReinitialization
isxdigit
strrchr
strstr
tolower
_wcslwr
wcsncpy
PsGetVersion
islower
atoi
isprint
MmIsAddressValid
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
isupper
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
isdigit
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
toupper
strchr
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
isspace

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b3be06654c8cd258dba5cfc7f9db166

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 800B - Virtual size: 782B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 800B - Virtual size: 782B