36fe4764c27d229f776814db8e7bbeb9_JaffaCakes118

General

Target

36fe4764c27d229f776814db8e7bbeb9_JaffaCakes118
Size

40KB
MD5

36fe4764c27d229f776814db8e7bbeb9
SHA1

0010c139a19b21f3ffd9b4f9e73a2fd16f014f10
SHA256

1d23929beae985502d82a012aa259d775f787bfec7a840335fe347f4a8e6d0f8
SHA512

58b85b405fafc6a4ba1332a852f6de51f0700b1accb683b2a66ff0e8cc1f466414fb5347797723e71bcebfc18b24f94c8d4b56226c006e5e4f0cef7c6aa73793
SSDEEP

768:JtDWiIDBXOP8iz2zKBap7jHVQdeL0sZXnEJSebfFQ5ASpOnkP4frX8oforWt0tGv:/WTc8izGZgeL7ZXnEQebNQ5xpOkAfz5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36fe4764c27d229f776814db8e7bbeb9_JaffaCakes118

Files

36fe4764c27d229f776814db8e7bbeb9_JaffaCakes118
.sys windows:4 windows x86 arch:x86

62127187289a6ced2f3ac856e4df2cf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
PsGetVersion
MmIsAddressValid
_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
strncmp
IoGetCurrentProcess
swprintf
ObReferenceObjectByHandle
IoRegisterDriverReinitialization
RtlCopyUnicodeString
KeDelayExecutionThread
KeQuerySystemTime
ObfDereferenceObject
RtlCompareUnicodeString
ZwDeleteKey
RtlAnsiStringToUnicodeString
wcslen
ZwCreateKey
wcsncpy
wcsrchr
IoDeviceObjectType
_wcsicmp
PsCreateSystemThread
ExFreePool
_wcsnicmp
_snprintf
ZwSetInformationFile
ZwCreateFile
wcscpy
KeTickCount
KeQueryTimeIncrement
_stricmp
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
MmGetSystemRoutineAddress
wcscat
strncpy
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcschr
wcsstr
_wcslwr

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 86B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62127187289a6ced2f3ac856e4df2cf8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 86B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 86B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB