3bfd2e25e789004636cdd8c5f908aa3d_JaffaCakes118

General

Target

3bfd2e25e789004636cdd8c5f908aa3d_JaffaCakes118
Size

34KB
MD5

3bfd2e25e789004636cdd8c5f908aa3d
SHA1

b2447ab1bf790b574faa48376b9f7ce646902f69
SHA256

8b79764d9b3af285c5199d79e6381d2ec2719273efb69c480777c4aad5db3145
SHA512

fd33ec207ad2a693b527b9447d4e79a74192ee726f3eec747c4377a6429ecc4c466656af70ab6fafa4398ba29eed2e505aecd41557f5b123d6e8805018b8c8c1
SSDEEP

384:kwxcoIbtA1vvbnn0StYLHS7TkF+6BqfGuPXA+jnG:t2evvz08YmPm5q+uYUG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bfd2e25e789004636cdd8c5f908aa3d_JaffaCakes118

Files

3bfd2e25e789004636cdd8c5f908aa3d_JaffaCakes118
.sys windows:6 windows x86 arch:x86

0d37455fcf82c6e3367b48134a5a2945

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\7600.16385.1\inject\objfre_wxp_x86\i386\ahnurl.pdb

Imports

ntoskrnl.exe

ObOpenObjectByPointer
KeDetachProcess
ZwTerminateProcess
KeAttachProcess
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePool
DbgPrint
PsLookupProcessByProcessId
memcpy
RtlFreeUnicodeString
wcsstr
RtlUpcaseUnicodeString
RtlInitUnicodeString
ZwQueryInformationFile
ZwEnumerateKey
ZwEnumerateValueKey
MmGetSystemRoutineAddress
ZwWriteFile
ZwReadFile
ZwCreateFile
ZwOpenFile
ZwDeleteFile
RtlQueryRegistryValues
KeDelayExecutionThread
PsCreateSystemThread
NtMapViewOfSection
ObfDereferenceObject
ZwAllocateVirtualMemory
ObReferenceObjectByHandle
MmSectionObjectType
memmove
ZwUnmapViewOfSection
_stricmp
ZwMapViewOfSection
PsGetCurrentProcessId
ZwOpenSection
KeTickCount
KeBugCheckEx
ZwClose
KeServiceDescriptorTable
memset
RtlUnwind

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d37455fcf82c6e3367b48134a5a2945

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 452B

.data Size: 12KB - Virtual size: 12KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 452B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB