392265f008b253a88f2e66dab51dcbde_JaffaCakes118

General

Target

392265f008b253a88f2e66dab51dcbde_JaffaCakes118
Size

40KB
MD5

392265f008b253a88f2e66dab51dcbde
SHA1

54083b977840fb91fd4bdf3d81911d6a63276160
SHA256

185ed6b18e10426ee932302ba683686535b9ff6e92b47ad0cab2803096399059
SHA512

80111cb2a1c6e5d87c6cc64317db77ba57a42201c6b551f87afde1b4572586b9265867ba131d7c1f0d2418109d4801bc96e32c16a9067edfd3927b930403a9e0
SSDEEP

768:KqoHWCatAwjZGb25wzwxw98FWjCNNkL8f2HstEq7urNF9Ugs6/jxoUjcOFvgzNf:KBHRY7QC5AwxQ8vzkC2MOq7urNF9nn/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392265f008b253a88f2e66dab51dcbde_JaffaCakes118

Files

392265f008b253a88f2e66dab51dcbde_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a25656a698e21210e33c6a496a0f06cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
RtlInitUnicodeString
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
strncmp
wcslen
swprintf
wcscat
wcscpy
ZwSetInformationFile
ZwCreateFile
ZwSetValueKey
_wcsnicmp
wcsstr
_wcslwr
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
strncpy
ZwCreateKey
wcsrchr
MmGetSystemRoutineAddress
ZwOpenKey
_except_handler3
KeTickCount
KeQueryTimeIncrement
_stricmp
_snprintf
RtlCopyUnicodeString
ZwDeleteKey
PsLookupProcessByProcessId
_wcsicmp
ObReferenceObjectByHandle
IoDeviceObjectType
IoRegisterDriverReinitialization
_snwprintf
wcschr
IofCompleteRequest
RtlAnsiStringToUnicodeString

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a25656a698e21210e33c6a496a0f06cd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 96B - Virtual size: 69B

PAGEWMI Size: 32B - Virtual size: 5B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 96B - Virtual size: 69B

PAGEWMI
Size: 32B - Virtual size: 5B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB