47315f94da8b90eb06ca1b98091643f4_JaffaCakes118

General

Target

47315f94da8b90eb06ca1b98091643f4_JaffaCakes118
Size

49KB
MD5

47315f94da8b90eb06ca1b98091643f4
SHA1

3ed219b7cd1c2f5a358bcc24119dd0a99f43ee95
SHA256

f282ad61bb461ee3801568d461c593f1c4233fcef103ab8fb09d292f9984870a
SHA512

5c5a1c40442a3a07e3f8dfd4e0f32e93f6771f405ab9324aa721936420425771caab165d034a66e7f1a3ace256f5e337efe0f6633aa5c1f10a644c1c297e0769
SSDEEP

384:39EqMkotNoPhAZUkaSAJX/Qk4qClhajIXG8HnfjEG4KAa+D+FC/8UXJtboOmDItP:OozZzGwtUDI4pRMzSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47315f94da8b90eb06ca1b98091643f4_JaffaCakes118

Files

47315f94da8b90eb06ca1b98091643f4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

94dd5778adab186154175a2e4df197e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
swprintf
RtlInitUnicodeString
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmIsAddressValid
ZwCreateKey
wcscat
wcscpy
MmGetSystemRoutineAddress
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwUnmapViewOfSection

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 160B - Virtual size: 135B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94dd5778adab186154175a2e4df197e3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 160B - Virtual size: 135B

INIT Size: 832B - Virtual size: 804B

.rsrc Size: 928B - Virtual size: 912B

.reloc Size: 736B - Virtual size: 728B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 160B - Virtual size: 135B

INIT
Size: 832B - Virtual size: 804B

.rsrc
Size: 928B - Virtual size: 912B

.reloc
Size: 736B - Virtual size: 728B