4b614fbf066234832bffccf2b310b4c1_JaffaCakes118

General

Target

4b614fbf066234832bffccf2b310b4c1_JaffaCakes118
Size

13KB
MD5

4b614fbf066234832bffccf2b310b4c1
SHA1

616157365aac5a33f050f6d02308af9ed969c176
SHA256

5636f5211124194e5c13c2b3accd6d8b133a44ae38c1d4b63cf5766623573566
SHA512

ffb54f35c85b9da6ed9e7380957e84bb0206e4ef87f78e57e0270b1d6b9671f436c1cff2568b7a966939ab553a7cc5b44d83cf37f61a2e67a12d10b8629d217b
SSDEEP

192:VVvhhtfHc4KVJgxQVXFP+2xVvi+0rkWAEEjEFnatMWr6JaVh8Xtd8R3k/:3h8jVao5Fvi+0rkikOatMWwaVh8dA3k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b614fbf066234832bffccf2b310b4c1_JaffaCakes118

Files

4b614fbf066234832bffccf2b310b4c1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c27e5d8511a466859bee1748bfd5c803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strstr
RtlInitUnicodeString
MmIsAddressValid
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
tolower
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcslen
isspace
wcscat
wcscpy
strncmp
IoGetCurrentProcess
_wcsnicmp
isprint
isupper
srand
strrchr
isdigit
strchr
islower
isxdigit
atol
_wcslwr
wcsncpy
PsGetVersion
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
toupper
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
ZwUnmapViewOfSection

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 800B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c27e5d8511a466859bee1748bfd5c803

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 800B - Virtual size: 788B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 800B - Virtual size: 788B