49997ca385f2f53c76b7e2b4b20dbafd_JaffaCakes118

General

Target

49997ca385f2f53c76b7e2b4b20dbafd_JaffaCakes118
Size

40KB
MD5

49997ca385f2f53c76b7e2b4b20dbafd
SHA1

5b6202ee523bf25cac86f15a44280c7f889a0cba
SHA256

9057c1637b1be1da4250ee000251bd559413575ceceef061c97a547d65a6a306
SHA512

74d8c9276b79785e516d39d000c65b67812073e4c72f10e0f8cac4c5f98f7ebdcbf0c44a0151c20a5cc014f637dd7918a9d446d627fab2982aa292adfc78c507
SSDEEP

768:H/PG/dpJmMYmRmDid+4pYq8OooXKU2ES+8aaioYmVGfJWhRe3iTMSdHxSZSNXZMR:HeCMTRmDP4aRESfUveSZSd1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49997ca385f2f53c76b7e2b4b20dbafd_JaffaCakes118

Files

49997ca385f2f53c76b7e2b4b20dbafd_JaffaCakes118
.sys windows:4 windows x86 arch:x86

759ffb9609dce02e3dbcd91a5b42269c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsstr
_wcslwr
RtlInitUnicodeString
_wcsicmp
wcsncpy
wcslen
wcsrchr
ZwSetValueKey
strncmp
ZwClose
PsGetVersion
ObReferenceObjectByHandle
ZwQueryValueKey
strncpy
PsLookupProcessByProcessId
_stricmp
_wcsnicmp
PsCreateSystemThread
_snwprintf
ExAllocatePoolWithTag
MmIsAddressValid
IoDeviceObjectType
ObfDereferenceObject
ZwOpenKey
RtlCompareUnicodeString
ZwCreateKey
swprintf
ZwDeleteKey
IoGetCurrentProcess
KeDelayExecutionThread
KeQuerySystemTime
ZwSetInformationFile
ZwCreateFile
wcscpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
_except_handler3
ExFreePool
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
wcschr
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
_snprintf
IoRegisterDriverReinitialization
IofCompleteRequest

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 70B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

759ffb9609dce02e3dbcd91a5b42269c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 70B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 70B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB