4c81358827e6c7f159f0f99963a0ac8c_JaffaCakes118

General

Target

4c81358827e6c7f159f0f99963a0ac8c_JaffaCakes118
Size

20KB
MD5

4c81358827e6c7f159f0f99963a0ac8c
SHA1

1bbc152cd539fb5dc9b54b12b56dd49915f3c39b
SHA256

5adb434f52e625e76bac1e8860dfea28dc2afaefe8a9c4e117c1e9aa2f904685
SHA512

5e8ec8b739f5882aacc631fe8ce654461776e6eafa4198aad549ac32efd7daaacaff34f08dfa7b228da819f2c456baed2307b9d28bf417f0ec58e5ac0d1269f1
SSDEEP

384:uwH9G1JcpVaT8Ei/FWbTYvoy2nV/LJLq/IIFgA5:uK9G1+naTHYvolPx4g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c81358827e6c7f159f0f99963a0ac8c_JaffaCakes118

Files

4c81358827e6c7f159f0f99963a0ac8c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0ec3072b4abefd288f8cbfec7440397f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmAllocateNonCachedMemory
strrchr
IoForwardIrpSynchronously
PoStartNextPowerIrp
ExAcquireResourceSharedLite
ZwWriteFile
ExFreePoolWithTag
RtlImageNtHeader
RtlSplay
SeTokenIsAdmin
ExAllocatePool
RtlLockBootStatusData
strcmp
PsGetProcessInheritedFromUniqueProcessId
PsJobType
FsRtlAreNamesEqual
RtlDeleteAce
ZwOpenTimer
PsGetProcessWin32WindowStation
_wcsupr
KeRegisterBugCheckCallback
ZwYieldExecution
SeCreateClientSecurityFromSubjectContext
FsRtlCurrentBatchOplock
ExInterlockedAddLargeInteger
RtlCreateAcl
RtlTimeToSecondsSince1970
RtlGetCallersAddress
IoForwardAndCatchIrp
ZwQueryObject
IoSetDeviceInterfaceState
RtlOemToUnicodeN

Exports

Exports

AtgppuwOviiAwm
CsyPsnyCgjdycTl
BehwcHj

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data32
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ec3072b4abefd288f8cbfec7440397f

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 4KB

.kdata Size: 5KB - Virtual size: 4KB

.data32 Size: 512B - Virtual size: 196B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 4KB

.kdata
Size: 5KB - Virtual size: 4KB

.data32
Size: 512B - Virtual size: 196B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 48B