2cb9541eb8ef9580ea26e61a9fed81a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cb9541eb8ef9580ea26e61a9fed81a8_JaffaCakes118
Size

40KB
MD5

2cb9541eb8ef9580ea26e61a9fed81a8
SHA1

cc19d7d0cd93c632ee2d40831c6761a8dffb4931
SHA256

02f9d7fc65e6828e590817291df7edc5e93829097b1103858e2014a267f9c3da
SHA512

a56b429590d65ffdc692816dff15366af303b589bccfd3924dfde16d971eaf1567a67f75d22ae22d5c8e1fa29d7b9d0da5fad8b82e9587162ea0d5c6da35e3e6
SSDEEP

768:+q6IpMEhjXWOUszVcG/D77OKvi68bBtAUix7l33Q2WEQVD6iy8qm9L5WIB:VcEhy4cA7OKq68bcDZfWjVGZ8LN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cb9541eb8ef9580ea26e61a9fed81a8_JaffaCakes118

Files

2cb9541eb8ef9580ea26e61a9fed81a8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3f8800c50fc6bc5e1c71ff5e9d99dc82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
wcslen
ZwCreateKey
swprintf
wcsncpy
wcsrchr
ZwClose
ZwQueryValueKey
_wcsicmp
ObReferenceObjectByHandle
KeQuerySystemTime
strncmp
ZwSetValueKey
ZwOpenKey
_except_handler3
KeDelayExecutionThread
strncpy
PsLookupProcessByProcessId
_stricmp
PsCreateSystemThread
ZwSetInformationFile
ZwCreateFile
wcscpy
RtlCompareUnicodeString
ZwDeleteKey
ObfDereferenceObject
_snwprintf
wcschr
MmIsAddressValid
wcscat
ExAllocatePoolWithTag
PsGetVersion
ExFreePool
_snprintf
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
wcsstr
_wcslwr
IoDeviceObjectType
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeTickCount
KeQueryTimeIncrement
_wcsnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
IoRegisterDriverReinitialization

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 83B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f8800c50fc6bc5e1c71ff5e9d99dc82

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 83B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 83B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB