2c67c67841278cd99293fd0adda783f7_JaffaCakes118

General

Target

2c67c67841278cd99293fd0adda783f7_JaffaCakes118
Size

5KB
MD5

2c67c67841278cd99293fd0adda783f7
SHA1

9043ad3f420e7acfab484e74edad8f670e8e3ccb
SHA256

5d3183dabdfe3f9a43ccbaa75e3d644e6d0955ec8e474ef2a8a1db8e84e00b11
SHA512

3e216526634a21448bb0b90b2743b96ceb95e1d55238b3bf6779b4d5cd4540c5b5ab510603b298294ab9f73fecc4746dc8232b24e6b124643836dc9f3ad0ef68
SSDEEP

96:tVIFh7QeRDpiGJ+XQB7jK3z8tP8Zi7GH5gjmdNofzg/r:+RJ0XWGzi8ZXyjmILg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c67c67841278cd99293fd0adda783f7_JaffaCakes118

Files

2c67c67841278cd99293fd0adda783f7_JaffaCakes118
.sys windows:4 windows x86 arch:x86

508b302c4dce1c22628e50883232f1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceObjectPointer
ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwAccessCheckAndAuditAlarm
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
IoGetCurrentProcess
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwOpenKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
IoCallDriver
ZwDeleteFile
IoBuildDeviceIoControlRequest

ndis.sys

NdisRegisterProtocol
NdisDeregisterProtocol

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 448B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

508b302c4dce1c22628e50883232f1b7

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 320B - Virtual size: 316B

.data Size: 288B - Virtual size: 260B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 448B - Virtual size: 420B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 320B - Virtual size: 316B

.data
Size: 288B - Virtual size: 260B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 448B - Virtual size: 420B