60a6855ca042a16df99116a08026dfc6_JaffaCakes118

General

Target

60a6855ca042a16df99116a08026dfc6_JaffaCakes118
Size

17KB
MD5

60a6855ca042a16df99116a08026dfc6
SHA1

c84c26e2d9bfb3df6aa7f172743ee19bc8dee7c1
SHA256

6ee1dfd88dde7402b82e80250ad606d5634302f7c939059bdcf32dab695bba5c
SHA512

418e4f4fa1758a7350cfb4e98bcf9fcfbe4642da7eac0f752bd080d755d745eaa9b6a88c49b6ca81fae68ae32fb1b4b9dfdfd2d1e378664b07681ac459b0fcb2
SSDEEP

384:8c2aU/sp5VoHaSGv8KzNUEk3CYLJG1cOIa9+I4tmz/:MUGH5ezNUEk3XLcymz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60a6855ca042a16df99116a08026dfc6_JaffaCakes118

Files

60a6855ca042a16df99116a08026dfc6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

45c6ef1c00fbba80cdf11ac77813b3b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePool
strncpy
ZwAllocateVirtualMemory
MmGetSystemRoutineAddress
KeWaitForSingleObject
KeInitializeTimer
ObfDereferenceObject
KeDetachProcess
KeAttachProcess
_stricmp
ObReferenceObjectByHandle
IoGetCurrentProcess
PsGetCurrentProcessId
MmMapLockedPages
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
MmCreateMdl
PsCreateSystemThread
wcscpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwClose
IofCompleteRequest
wcsncpy
InterlockedExchange
PsGetVersion
strncmp
_except_handler3
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQueryInformationFile
strncat
ZwQuerySystemInformation
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcscmp
_wcsicmp
IoGetDeviceObjectPointer
ZwOpenKey
ZwReadFile
RtlInitUnicodeString
IoDeleteSymbolicLink
ZwOpenFile

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c6ef1c00fbba80cdf11ac77813b3b2

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 480B - Virtual size: 452B

.data Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 832B - Virtual size: 818B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 480B - Virtual size: 452B

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 832B - Virtual size: 818B