2744159b51f1cf2b7a67d72d35f34434_JaffaCakes118

General

Target

2744159b51f1cf2b7a67d72d35f34434_JaffaCakes118
Size

18KB
MD5

2744159b51f1cf2b7a67d72d35f34434
SHA1

7bc55467d2ee39b3f161b05b54df934d1b37703d
SHA256

81fb66f9c7ad4b02bc84f3f2928f86db32dee21ea6f53ba36a87fbb065c2af75
SHA512

2bbbfe2e5c0f18cdb06b20beaad7fa3cca5dacdf2e8d29a22682faade89d221aa6f03eda43929aea7316b90b63e0729dd61f83a7a6a79bb0025fae310476792d
SSDEEP

192:dlnNrt5Tq8W+gvkuAFi5BR5WoZHUJIMxcqykVxOvxQU76l0:dlnNrt5+zvkk5PYoZ0JjxJxpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2744159b51f1cf2b7a67d72d35f34434_JaffaCakes118

Files

2744159b51f1cf2b7a67d72d35f34434_JaffaCakes118
.sys windows:5 windows x86 arch:x86

aaf9e9c202f97e69795428c4f8a3a866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\agony\sys\i386\agony.pdb

Imports

ntoskrnl.exe

MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwQueryVolumeInformationFile
ZwDeviceIoControlFile
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
IofCompleteRequest
ExAllocatePoolWithTag
wcslen
IoCreateSymbolicLink
IoCreateDevice
ZwQueryInformationFile
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwClose
ZwReadFile
ZwCreateFile
wcscmp
_allmul
_alldiv
ObReferenceObjectByHandle
ZwOpenProcess
_strnicmp
MmIsAddressValid
MmHighestUserAddress
KeDetachProcess
ZwQueryInformationProcess
KeAttachProcess

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaf9e9c202f97e69795428c4f8a3a866

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 256B - Virtual size: 240B

.data Size: 6KB - Virtual size: 6KB

INIT Size: 1024B - Virtual size: 974B

.reloc Size: 768B - Virtual size: 758B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 256B - Virtual size: 240B

.data
Size: 6KB - Virtual size: 6KB

INIT
Size: 1024B - Virtual size: 974B

.reloc
Size: 768B - Virtual size: 758B