476f60b188a8e6cbada85c05f406431d_JaffaCakes118

General

Target

476f60b188a8e6cbada85c05f406431d_JaffaCakes118
Size

19KB
MD5

476f60b188a8e6cbada85c05f406431d
SHA1

098a905fa8e14c5550b6deaff108b4463c26d050
SHA256

1811c36ec803afaa104b18ca23b71a9702f78ac98004a83b079a51f9bcf734f9
SHA512

3edb2ab148657ca2aa699f58f21f6c05ba4544bfe97672e8cec5e745a7851372d3a591c173c5c69317d79a2592eaa9ac98f541a32f03acf4657aa116acfb676c
SSDEEP

384:j6VjthxFJuepDy+2+i5nUgw7cKxNhbOeJgG0bqmXK:eVjtfY1+i5b2xNVRK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476f60b188a8e6cbada85c05f406431d_JaffaCakes118

Files

476f60b188a8e6cbada85c05f406431d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a13fffb0b9f4b740d4c3d0bd72e649ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
CcDeferWrite
RtlFreeUnicodeString
ExInitializeRundownProtection
XIPDispatch
PsGetJobSessionId
MmUserProbeAddress
KeReadStateMutex
IoVerifyVolume
memset
RtlCompareUnicodeString
ZwOpenEvent
RtlAnsiStringToUnicodeString
RtlCaptureStackBackTrace
RtlInitializeGenericTableAvl
ZwSetInformationFile
CcCopyWrite
_CIsin
strcmp
KeInitializeTimerEx
_strrev
NtQueryInformationFile
Ke386SetIoAccessMap
RtlFillMemory
mbtowc
PsGetCurrentProcessSessionId
KeInsertByKeyDeviceQueue
memcpy
RtlImageNtHeader
RtlEnumerateGenericTable
RtlInitString
IoCreateStreamFileObject
InitSafeBootMode
CcFlushCache
KeReleaseMutex
ExFreePoolWithTag
DbgPrint
FsRtlNotifyReportChange
ZwSetVolumeInformationFile
PsGetProcessExitTime
ExAllocatePool
RtlInitializeUnicodePrefix

Exports

Exports

PoDmjd
XjImjyyxKdwavHqv
XgsEhxxYl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a13fffb0b9f4b740d4c3d0bd72e649ac

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: - Virtual size: 4B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: - Virtual size: 4B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 64B