36d1736182286e0c2c1ae5f215b73f35_JaffaCakes118

General

Target

36d1736182286e0c2c1ae5f215b73f35_JaffaCakes118
Size

391KB
MD5

36d1736182286e0c2c1ae5f215b73f35
SHA1

7e4bbcfea2b76cd8bde0952f76a03154b21bc752
SHA256

16751250f7e5bac33849293fa14f883773ff31fe2effc9f44f7df8a01035f078
SHA512

456ecca35a262b56821d1792e61fb69dcebfee2534f66ea125a99ec85c6fa8befb0d42525254485d07224006a8c7d2b2209177cb546f6be7b5c7798ca6263a7c
SSDEEP

6144:wCZsoYSF1kQFQlj2WXw4rVv1tzPyugV0+UTGeoEFJPVtDtuHS4ITBKl:3/kMorhVv6ugVmSehPgS4ITM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36d1736182286e0c2c1ae5f215b73f35_JaffaCakes118

Files

36d1736182286e0c2c1ae5f215b73f35_JaffaCakes118
.sys windows:6 windows x86 arch:x86

6c5373251cfdaf4f3395c3ec94bb6290

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObOpenObjectByName
RtlInitUnicodeString
_allmul
_alldiv
ExRaiseStatus
ExAllocatePoolWithTagPriority
ExFreePoolWithTag
ZwQueryInformationProcess
RtlCompareUnicodeString
KeReleaseMutex
KeWaitForSingleObject
ZwEnumerateKey
ZwDeleteKey
ZwOpenKey
wcsncat
memset
ZwLoadDriver
ZwSetValueKey
ZwCreateKey
IoDeleteDevice
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ExAllocatePoolWithTag
ObReferenceObjectByHandle
ZwReadFile
ZwCreateFile
ZwSetInformationFile
ZwWriteFile
MmGetSystemRoutineAddress
memcpy
RtlCopyUnicodeString
ZwOpenProcess
ZwQueryInformationFile
ZwQueryVolumeInformationFile
ZwQueryValueKey
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
swprintf
SeCreateClientSecurity
KeGetCurrentThread
KeQuerySystemTime
sprintf
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
KeTickCount
KeBugCheckEx
ObfDereferenceObject
ZwClose
KeInitializeMutex
wcsncmp
RtlUnwind

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c5373251cfdaf4f3395c3ec94bb6290

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 342KB - Virtual size: 342KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 768B - Virtual size: 752B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 342KB - Virtual size: 342KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 768B - Virtual size: 752B

.reloc
Size: 3KB - Virtual size: 3KB