3a35012513e53a2250ef6e232ce868a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a35012513e53a2250ef6e232ce868a0_JaffaCakes118
Size

28KB
MD5

3a35012513e53a2250ef6e232ce868a0
SHA1

4e8d8696723701a9c32a6ee703b99cbd312586b4
SHA256

d53dcdaa9f3a13e8e5af39ae39d4519e39a56bccca75c01c39c4a5bc9be1f860
SHA512

34727054f19f6c1d5153119d7c6c922f32e944580073edae9bda39c7de4a1f9f073016e841222b7cd988f3adbce56733048c5407c29afe7a39d5835d20988373
SSDEEP

384:ukO0PyzAKr1jiJnmsdszYLFLqGrUAvTNmxOCS3Ijf/3Mj06MYzYFi3:ukO0PyzfrxiJnme7CxOC9r3Mj0ts2i3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a35012513e53a2250ef6e232ce868a0_JaffaCakes118

Files

3a35012513e53a2250ef6e232ce868a0_JaffaCakes118
.sys windows:6 windows x86 arch:x86

346170700a0a6f78668bd2ca7ce40a37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\0soft\loader\runtime3\objfre_wxp_x86\i386\runtime3.pdb

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
strcmp
PsLookupProcessByProcessId
wcsncpy
memset
ZwQueryValueKey
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
DbgPrint
IofCompleteRequest
RtlAppendUnicodeStringToString
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 725B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

346170700a0a6f78668bd2ca7ce40a37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 384B

.data Size: 768B - Virtual size: 725B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 896B - Virtual size: 896B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 384B

.data
Size: 768B - Virtual size: 725B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 896B - Virtual size: 896B