44750fb67dfc9214803c65a64267fce1_JaffaCakes118

General

Target

44750fb67dfc9214803c65a64267fce1_JaffaCakes118
Size

13KB
MD5

44750fb67dfc9214803c65a64267fce1
SHA1

7d94a9645a5b4c4cbf2a81ef620472546c0de52e
SHA256

c211eaf7b1b43c748376ba46e750dbb667fa141b5733985bf80e380de0842ec0
SHA512

972186ab06387bd2c8cd8892680f4d00c7416a341236ebb7f60967903bc119d6d7ebd9e2fecd1b37a0ba867a0a73f9fbb903d85b65ab112e3b38f2fd1fee2d59
SSDEEP

192:VdNP0IpsHTzfuZ0OgYosMR6IA2DqfN9MJ0WJfdndCI+wxEzVPknn:KIpsL3uQjAeEMr7dQzVPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44750fb67dfc9214803c65a64267fce1_JaffaCakes118

Files

44750fb67dfc9214803c65a64267fce1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

4a9d6766613f3b75356baf56147c8ff4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwClose
RtlInitUnicodeString
tolower
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
isprint
strchr
atoi
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
islower
ZwCreateKey
strrchr
isdigit
wcscat
wcscpy
isxdigit
ZwUnmapViewOfSection
ZwCreateFile
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
toupper
strstr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
DbgPrint
srand
isupper
_wcslwr
wcsncpy
atol
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9d6766613f3b75356baf56147c8ff4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 800B - Virtual size: 786B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 800B - Virtual size: 786B