5afb31e9e84e21810acd34ed420f65f4_JaffaCakes118

General

Target

5afb31e9e84e21810acd34ed420f65f4_JaffaCakes118
Size

48KB
MD5

5afb31e9e84e21810acd34ed420f65f4
SHA1

875c772a2a32d184cd335824837249af3c16b9ee
SHA256

276d9b39523212adce1e0bba09a83a0490dbcfa70ecf1e1ac071add714f33ff7
SHA512

f8fdf79eb671f000c6554afa94e89ab640be26b4606a2e01a4fd1700d7ea1d6c6174ccb126bc2b93e855ef50cddada4636bd7b4453c0f3918491fee461f615ab
SSDEEP

768:xGHmct4JGpMJedYruWgT5p8Loa2rr7SEqrK9QLKnPkoiGNywFtFAQdilLgxUV:cx6MHGiqz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5afb31e9e84e21810acd34ed420f65f4_JaffaCakes118

Files

5afb31e9e84e21810acd34ed420f65f4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

279e7a68173627a5fc8e6ce77c0c989b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
PsGetVersion
_wcslwr
wcsncpy
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
swprintf
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateKey
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 160B - Virtual size: 139B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

279e7a68173627a5fc8e6ce77c0c989b

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 160B - Virtual size: 139B

INIT Size: 832B - Virtual size: 804B

.rsrc Size: 928B - Virtual size: 912B

.reloc Size: 736B - Virtual size: 722B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 160B - Virtual size: 139B

INIT
Size: 832B - Virtual size: 804B

.rsrc
Size: 928B - Virtual size: 912B

.reloc
Size: 736B - Virtual size: 722B