4aac3680e2be98cea8c9a7e4389a4fe0_JaffaCakes118

General

Target

4aac3680e2be98cea8c9a7e4389a4fe0_JaffaCakes118
Size

49KB
MD5

4aac3680e2be98cea8c9a7e4389a4fe0
SHA1

5fd990bbe2979dacfe31a94f5ec689d33363f655
SHA256

071120b5ddffe26fe3ee541de4c526f069cfb72131821a620d5a7121f093165a
SHA512

20ba2f29b007b9cc65acd67efbb0f5bfdfd08f52d7d11630b4139187806f9c7c946d5147f08f66ac401b82cbe56236c01100f618aa0ebea41a3b9fa1fd872a5a
SSDEEP

768:DMI/T0NkHUX/Cavy3wz+2gx0nAwyXnFc4U+mJfOO3r/gAzazzGHmV5zfZHa9WLOL:oI/wGHSmXenic4vm73mboQkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aac3680e2be98cea8c9a7e4389a4fe0_JaffaCakes118

Files

4aac3680e2be98cea8c9a7e4389a4fe0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

83ce94cf168ca0b52304d3fd12b4f0df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
IoRegisterDriverReinitialization
ZwQueryValueKey
ZwOpenKey
_except_handler3
IofCompleteRequest
_strnicmp
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcscpy
ZwEnumerateKey
wcscat
KeDelayExecutionThread
PsCreateSystemThread
ZwDeleteValueKey

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 160B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83ce94cf168ca0b52304d3fd12b4f0df

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 160B - Virtual size: 156B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 928B - Virtual size: 922B

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 160B - Virtual size: 156B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 928B - Virtual size: 922B