2283c70483b59efc819c61945e8ca8b7_JaffaCakes118

General

Target

2283c70483b59efc819c61945e8ca8b7_JaffaCakes118
Size

18KB
MD5

2283c70483b59efc819c61945e8ca8b7
SHA1

9dffa0ca8b7aca40de21871da8fa802d3e458168
SHA256

c255c78581214267a0cab339853a4ac35da25f0cd72a1e69456f0afc8a2b9c1d
SHA512

566d0c1455234c3d8edc73faba7929faecfc2fe69864e19b3f34828a8022293beaa4ab02e03f6b01ae1456ea14c168cba4be76d36198bd850d22cbb398b12724
SSDEEP

384:U3NS8uMW1TVSIFMrD4ULYCvTmiTcEY1Tt1KKXlhQthVS5x:U3Xp6TwIFMrD4ULYUTmTTtnhQt3Ix

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2283c70483b59efc819c61945e8ca8b7_JaffaCakes118

Files

2283c70483b59efc819c61945e8ca8b7_JaffaCakes118
.sys windows:4 windows x86 arch:x86

714e111540a42281f55d4aeeb7817e2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
toupper
isxdigit
isdigit
isspace
strchr
isprint
islower
srand
RtlAnsiStringToUnicodeString
atol
PsSetCreateProcessNotifyRoutine
strstr
IoDeleteDevice
strrchr
IoCreateSymbolicLink
IoCreateDevice
isupper
PsGetVersion
atoi
tolower
strncmp
IoGetCurrentProcess
_wcsnicmp
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateFile
IoRegisterDriverReinitialization
MmIsAddressValid
ZwUnmapViewOfSection
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
_wcslwr
wcsncpy

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

714e111540a42281f55d4aeeb7817e2f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 832B - Virtual size: 816B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 832B - Virtual size: 816B