249e0051075b37be3075ff9a447e7e60_JaffaCakes118

General

Target

249e0051075b37be3075ff9a447e7e60_JaffaCakes118
Size

14KB
MD5

249e0051075b37be3075ff9a447e7e60
SHA1

69628578bb9793f82beb8709be7e157ea4da21aa
SHA256

11cf42a5636c88f8526b06b0addeb5c1283d03e0c02d9618703970b337a1d3c7
SHA512

781293447597c80cebf4150e3f5019a4f3f0b474c1991cb14c4010ec1159e117cf80ca8373a93d17287768387e02712a388505a21cc34caa9edd14f369a0dfe1
SSDEEP

192:lT19TkNBlTD6g2bbSM8gPnJf3Z/07uMJfqsii0gKfMj2VVSHC3foXNXYt3XMOfs7:tHkPlZ64w3Z8Jii0gKfe26lRYJXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
249e0051075b37be3075ff9a447e7e60_JaffaCakes118

Files

249e0051075b37be3075ff9a447e7e60_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9338111cd7e5ee0586f2f86c54c80977

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenKey
ZwSetValueKey
ZwClose
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
ObReferenceObjectByName
RtlInitUnicodeString
wcscat
wcsrchr
_strnicmp
strncpy
IoGetCurrentProcess
wcsstr
_wcslwr
memcpy
memset
_except_handler3
strncmp
strlen
RtlFreeUnicodeString
KeDelayExecutionThread
RtlCompareMemory
MmIsAddressValid
ZwCreateKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
ZwCreateFile
ObfDereferenceObject
KeServiceDescriptorTable
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
PsTerminateSystemThread
RtlFreeAnsiString
strstr
_strlwr
RtlUnicodeStringToAnsiString
PsCreateSystemThread
PsLookupProcessByProcessId
PsGetVersion
PsSetCreateProcessNotifyRoutine
IoRegisterDriverReinitialization
swprintf
_snprintf
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
ZwQueryValueKey
strcmp

hal

KeGetCurrentIrql

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9338111cd7e5ee0586f2f86c54c80977

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 758B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 758B