3c6a8373fea0a0b406f4fc6c859c6e3a_JaffaCakes118

General

Target

3c6a8373fea0a0b406f4fc6c859c6e3a_JaffaCakes118
Size

10KB
MD5

3c6a8373fea0a0b406f4fc6c859c6e3a
SHA1

5c64f7a78d352e8e2e53cff13cb565d40dbb1cf5
SHA256

40b319742ee747172b6ab24b11cca5ed049a70ab96c1099ae7540e3a5bb5a2c0
SHA512

030c9fa7dab31d2421425bbe140b1fbbabcf43e7bd772d7e392cab864a752ffd5bb133b016311080042f8024d8921bc730074131e9d99866d1d7e533a59b8076
SSDEEP

192:sZ7m8xjAtIXHC1QXdq2/d5e17X6Cqar0FgAVNpOTcMfmmdX7J:+fxVH5dRw7UuRpAIX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c6a8373fea0a0b406f4fc6c859c6e3a_JaffaCakes118

Files

3c6a8373fea0a0b406f4fc6c859c6e3a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

20480d0457c44c30687aa5dbc8cbdb1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\1SYS\i386\msdirectx.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
RtlInitUnicodeString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
ZwEnumerateKey
ZwEnumerateValueKey
ZwQuerySystemInformation
ZwQueryDirectoryFile
atoi
RtlFreeUnicodeString
RtlQueryRegistryValues
IoDeleteDevice
IoDeleteSymbolicLink
PsLookupProcessByProcessId
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryKey
KeServiceDescriptorTable
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
MmIsAddressValid
NtBuildNumber

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 287B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 886B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20480d0457c44c30687aa5dbc8cbdb1f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 287B

.data Size: 128B - Virtual size: 116B

INIT Size: 896B - Virtual size: 886B

.reloc Size: 768B - Virtual size: 720B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 287B

.data
Size: 128B - Virtual size: 116B

INIT
Size: 896B - Virtual size: 886B

.reloc
Size: 768B - Virtual size: 720B