2fdbcfaa5409e9ca45fa31c0689f5673_JaffaCakes118

General

Target

2fdbcfaa5409e9ca45fa31c0689f5673_JaffaCakes118
Size

53KB
MD5

2fdbcfaa5409e9ca45fa31c0689f5673
SHA1

9d05f39b6547935ae52f22061d7355adbcab2d8c
SHA256

398e9e8d5931d2f7c3b3b9f8cb558db700614d16a2c2106b0e4d92323178f3fa
SHA512

2c90b467303a0c2ea8175832a17ce9704e13ae6f0c300c416e351c9b07daebe4d00e674053ab5198422c054df78f3d86a6ab65a5e5e74b1ede159ee31ccf0b75
SSDEEP

768:l3+3b9dcD1w91jwRoPcnk2dsGPxUHUc4G2Nzq7C/C9dXtU1SK/oPmTBModGMAwcr:lWQJwUWPcG3MV0ImG62

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fdbcfaa5409e9ca45fa31c0689f5673_JaffaCakes118

Files

2fdbcfaa5409e9ca45fa31c0689f5673_JaffaCakes118
.sys windows:4 windows x86 arch:x86

dcf90919f404543ef37c20f409aee474

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
IofCompleteRequest
IoGetCurrentProcess
ZwDeleteValueKey
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
strncmp
PsGetVersion
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwSetValueKey
MmGetSystemRoutineAddress
wcsstr
RtlCopyUnicodeString
wcsncmp
towlower
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_strnicmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
IoRegisterDriverReinitialization

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcf90919f404543ef37c20f409aee474

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 192B - Virtual size: 192B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 192B - Virtual size: 192B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB