3cf20d6fc92d01d288497ecdf51c5e8a_JaffaCakes118

General

Target

3cf20d6fc92d01d288497ecdf51c5e8a_JaffaCakes118
Size

20KB
MD5

3cf20d6fc92d01d288497ecdf51c5e8a
SHA1

56cd4c873fecc786b2711890c0aa3166282b0a28
SHA256

163d36a760c2201038602f66c19ada372b8e02092ca255b3e55378cfb81ffe6c
SHA512

95b703ce724e5209d8520a9c1013d72bd5608792940b2a718fd1ab5bf36396ab69fec21b7ce86b48343968fb4b46c3ffe5606e377f6b69d186678eefaa36ce12
SSDEEP

384:bh+hx9U1JcpVa6efhTn1sR9eSjgCSf5Y5/R5P:by9U1+na6efhTnKeSjkxYZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cf20d6fc92d01d288497ecdf51c5e8a_JaffaCakes118

Files

3cf20d6fc92d01d288497ecdf51c5e8a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0ec3072b4abefd288f8cbfec7440397f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmAllocateNonCachedMemory
strrchr
IoForwardIrpSynchronously
PoStartNextPowerIrp
ExAcquireResourceSharedLite
ZwWriteFile
ExFreePoolWithTag
RtlImageNtHeader
RtlSplay
SeTokenIsAdmin
ExAllocatePool
RtlLockBootStatusData
strcmp
PsGetProcessInheritedFromUniqueProcessId
PsJobType
FsRtlAreNamesEqual
RtlDeleteAce
ZwOpenTimer
PsGetProcessWin32WindowStation
_wcsupr
KeRegisterBugCheckCallback
ZwYieldExecution
SeCreateClientSecurityFromSubjectContext
FsRtlCurrentBatchOplock
ExInterlockedAddLargeInteger
RtlCreateAcl
RtlTimeToSecondsSince1970
RtlGetCallersAddress
IoForwardAndCatchIrp
ZwQueryObject
IoSetDeviceInterfaceState
RtlOemToUnicodeN

Exports

Exports

AtgppuwOviiAwm
CsyPsnyCgjdycTl
BehwcHj

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data32
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ec3072b4abefd288f8cbfec7440397f

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.kdata Size: 3KB - Virtual size: 2KB

.data32 Size: 512B - Virtual size: 196B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.kdata
Size: 3KB - Virtual size: 2KB

.data32
Size: 512B - Virtual size: 196B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 48B