297474bbbf407b0987e73419281df334_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

297474bbbf407b0987e73419281df334_JaffaCakes118
Size

39KB
MD5

297474bbbf407b0987e73419281df334
SHA1

0c101a2cd09553c94493090a535038c6121fba9a
SHA256

5cb800f552ef943e92bd89c8481037c6568037cddf9d7dcf925f1ee9f8248eba
SHA512

a3a01b1022a084597b54c4c3da11be202a20b1a1b5906159f55dc4b84050b1a0efb1e240f12decb59e190aea46c67445198aba3b9b24237f2020792e58aeb8fc
SSDEEP

768:8NYF4Je7U4emsw/0WDbRyr2oAU4Vxh8iGj4v0BU+SUj7fsKuduL8F/li:8cUS0U1yyoAXf8iGj4sBU+SUj7fsG8F8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
297474bbbf407b0987e73419281df334_JaffaCakes118

Files

297474bbbf407b0987e73419281df334_JaffaCakes118
.sys windows:4 windows x86 arch:x86

bac94efbb91aa509e832a2497abe3d99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

swprintf
strncpy
IoGetCurrentProcess
RtlInitUnicodeString
strncmp
MmIsAddressValid
ZwQueryValueKey
ZwSetValueKey
wcslen
wcscat
wcscpy
RtlAnsiStringToUnicodeString
ZwClose
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ObReferenceObjectByHandle
_snwprintf
wcsncpy
wcschr
ZwOpenKey
_wcsicmp
wcsrchr
ExAllocatePoolWithTag
IoDeviceObjectType
ZwCreateKey
IofCompleteRequest
ExFreePool
ObfDereferenceObject
ZwSetInformationFile
ZwCreateFile
ZwDeleteKey
_except_handler3
_wcsnicmp
RtlCopyUnicodeString
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_snprintf
KeTickCount
KeQueryTimeIncrement
_stricmp
wcsstr
_wcslwr
PsCreateSystemThread
PsGetVersion
PsLookupProcessByProcessId
KeQuerySystemTime
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 60B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac94efbb91aa509e832a2497abe3d99

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 60B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 60B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB