60b18f6744c264e28f825d8628566608_JaffaCakes118

General

Target

60b18f6744c264e28f825d8628566608_JaffaCakes118
Size

40KB
MD5

60b18f6744c264e28f825d8628566608
SHA1

d97ebf3e6df614eba58b74dac0afd6786fd2fea8
SHA256

41cd13d8fcbbda7b59d3c7df9ce464669906f210bbba14e20001d084e2781cbb
SHA512

395bce7bd2ca3978a6b5c507e10d44d0797e4f250ff044cee27c2a5382a0704c3e7fbde84f18dd98acc4f87e4395bf38aa5e7bd44fb2a08bc356c36aeeb326ae
SSDEEP

768:o6nLp5ErH5LK3JCux3d01ENAYzqIlgwk+Bsps85cXjzs85:ogLp6HIZCK01E6klRBspspjY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b18f6744c264e28f825d8628566608_JaffaCakes118

Files

60b18f6744c264e28f825d8628566608_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3c7a3dc1ee10400e49f26b6b6fb46e35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
PsGetVersion
MmIsAddressValid
_snwprintf
wcsncpy
wcslen
wcschr
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
swprintf
wcscat
wcscpy
_wcsicmp
ZwQueryValueKey
_except_handler3
ZwSetValueKey
IoGetCurrentProcess
ObfDereferenceObject
wcsstr
_wcslwr
RtlCompareUnicodeString
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
RtlCopyUnicodeString
KeQuerySystemTime
ExAllocatePoolWithTag
_stricmp
RtlAnsiStringToUnicodeString
ZwCreateKey
KeTickCount
KeQueryTimeIncrement
ObReferenceObjectByHandle
strncpy
PsLookupProcessByProcessId
wcsrchr
IoDeviceObjectType
IofCompleteRequest
ExFreePool
PsSetCreateProcessNotifyRoutine
IoRegisterDriverReinitialization
_wcsnicmp
ZwSetInformationFile
MmGetSystemRoutineAddress
strncmp
_snprintf
KeDelayExecutionThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c7a3dc1ee10400e49f26b6b6fb46e35

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 50B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 50B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB