4597d6b6400d1b514dffe3bb3d9cbcbb_JaffaCakes118

General

Target

4597d6b6400d1b514dffe3bb3d9cbcbb_JaffaCakes118
Size

8KB
MD5

4597d6b6400d1b514dffe3bb3d9cbcbb
SHA1

1fde235232c3b6812bdbc77251569475094e6589
SHA256

658d7335795e5a2d38bca00386c97b3047b784fc0c6dd59d228d51c961e63da5
SHA512

1c5c6b3d6f76f30e9e38c6a23ccc39b33947ca9ce8a04dd76270a8a1203c543946d622430f79bc0bf849ea5361a6bd105cd06d4c84e7291420a608821512bd4f
SSDEEP

192:y6skXo/a6BeRX4k5Z7T/vlUXkx7J/g4iTXCZrvjCRl:OKseRX4CFiTCjCv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4597d6b6400d1b514dffe3bb3d9cbcbb_JaffaCakes118

Files

4597d6b6400d1b514dffe3bb3d9cbcbb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

27ddfe4e7ead6903c39fb4b30cd5e9fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
strncat
ExAllocatePoolWithTag
ZwQuerySystemInformation
_stricmp
IoGetCurrentProcess
ZwClose
ZwUnmapViewOfSection
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
DbgPrint
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
wcscmp
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
wcslen
RtlInitUnicodeString
_except_handler3
RtlCompareMemory

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27ddfe4e7ead6903c39fb4b30cd5e9fb

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 564B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 564B