2febdfd448a09bb3fdba745c496fa216_JaffaCakes118

General

Target

2febdfd448a09bb3fdba745c496fa216_JaffaCakes118
Size

9KB
MD5

2febdfd448a09bb3fdba745c496fa216
SHA1

a0d59ca9fdb93b523f26681f77b7f6b41178d163
SHA256

a5c7daa98b827366cd9bed79ab763d1138366e675810c884408d4a457336afd5
SHA512

9c46a8881fcfa1ce57de48a7cc76454c930aca9409d7195bb9eb074f0d84386977a13f745befd13eca80b5ddb29c8b8dd0d6a24b64fb75bd7d2e7ee053597361
SSDEEP

96:zFuUndZJOzcN2BMD/4V/6nxiCjShyqZTrmRgP14OlUw0QZk:zFuUnNN2bKAVZGR814OlnA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2febdfd448a09bb3fdba745c496fa216_JaffaCakes118

Files

2febdfd448a09bb3fdba745c496fa216_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d246c119d69134eec187e97ba66003b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\222\objfre\i386\wqadqewqrewewfew.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
wcslen
wcscat
swprintf
strchr
ZwClose
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
RtlCompareMemory
RtlUpperString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
_strupr
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 826B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d246c119d69134eec187e97ba66003b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 896B - Virtual size: 826B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 384B - Virtual size: 372B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 896B - Virtual size: 826B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 384B - Virtual size: 372B