43cdb6ae3959371d2065de5761221e70_JaffaCakes118

General

Target

43cdb6ae3959371d2065de5761221e70_JaffaCakes118
Size

40KB
MD5

43cdb6ae3959371d2065de5761221e70
SHA1

616cb38aeaa7171e82c8ab480c7eea2c7b7546cb
SHA256

06e5f1bd430c253a588521f3754eb6c57b8ea12a2ee0826b4d5146e6e6ac2194
SHA512

ae33aa2fa06ef9800bb853ae9ff48675a8a752bc501bf07d6b68c94c82453f6f7ec955c43e8f9a46569ca89661e8840a95b7e58b6b1f2df0ee19a38ff5c4d711
SSDEEP

768:DUEREXmTyLddZ8mN3qW7cP75rj4P+ZI9oU6VuQMeBAfkGK8jqjQxhhDeM38:IEGXaKbZ9r7clj4IIi/lGK8jqUhhDeM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43cdb6ae3959371d2065de5761221e70_JaffaCakes118

Files

43cdb6ae3959371d2065de5761221e70_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e0ab94cd3a285f3fa8b6ad8851979dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeQuerySystemTime
_wcsnicmp
wcslen
RtlInitUnicodeString
ObfDereferenceObject
ZwClose
swprintf
ZwOpenKey
strncmp
ZwQueryValueKey
MmGetSystemRoutineAddress
wcscat
wcscpy
_wcsicmp
_except_handler3
strncpy
IoGetCurrentProcess
RtlCompareUnicodeString
ZwSetValueKey
ZwCreateKey
MmIsAddressValid
PsGetVersion
wcsncpy
wcsrchr
ZwCreateFile
IofCompleteRequest
IoRegisterDriverReinitialization
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwDeleteKey
KeTickCount
KeQueryTimeIncrement
_stricmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
PsLookupProcessByProcessId
_snwprintf
KeDelayExecutionThread
ObReferenceObjectByHandle
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
IoDeviceObjectType
wcschr
PsCreateSystemThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 58B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0ab94cd3a285f3fa8b6ad8851979dc2

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 58B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 58B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB