364930d99423d6419249d89c63a68100_JaffaCakes118

General

Target

364930d99423d6419249d89c63a68100_JaffaCakes118
Size

39KB
MD5

364930d99423d6419249d89c63a68100
SHA1

e2f7b5ba101e24e2e49f8f6fe798fa9e8fa0857e
SHA256

d3c8de292cef27be131bcf0754d2c99227af4c6b5bcca6b0461788e486951549
SHA512

91d5828a07244f48b6cb92fe81c4dc5d08f282492877d5661d55b861446a03a81e334de952819a751e66376de863297c77a9aafe890f64d6e3a46e749ee330be
SSDEEP

768:34cpQTJdorzbdHWTuKkStOJzzp3OOyV+BgGcUV:J+TJW3bd2qNjxzBUG5cU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
364930d99423d6419249d89c63a68100_JaffaCakes118

Files

364930d99423d6419249d89c63a68100_JaffaCakes118
.sys windows:4 windows x86 arch:x86

85edf17764aedeb9c4b147fd4160ad76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
ZwCreateKey
RtlInitUnicodeString
swprintf
wcsncpy
wcsrchr
MmIsAddressValid
IoRegisterDriverReinitialization
_snwprintf
ExAllocatePoolWithTag
KeQuerySystemTime
RtlCompareUnicodeString
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
ZwClose
PsGetVersion
ExFreePool
ObfDereferenceObject
strncpy
PsLookupProcessByProcessId
_stricmp
KeTickCount
KeQueryTimeIncrement
strncmp
IoGetCurrentProcess
MmGetSystemRoutineAddress
ZwQueryValueKey
ZwOpenKey
_except_handler3
_wcsnicmp
IofCompleteRequest
ObReferenceObjectByHandle
ZwSetInformationFile
ZwCreateFile
wcscpy
wcsstr
_wcslwr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcschr
IoDeviceObjectType
ZwDeleteKey
_wcsicmp
PsCreateSystemThread
_snprintf
RtlCopyUnicodeString
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
wcscat

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 90B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85edf17764aedeb9c4b147fd4160ad76

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 90B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 90B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB