6396d8eecda22a00ca2fa200b40763a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6396d8eecda22a00ca2fa200b40763a7_JaffaCakes118
Size

29KB
MD5

6396d8eecda22a00ca2fa200b40763a7
SHA1

beba2a43dedf5df07ba3616eb1c7c28342889399
SHA256

17f819a51a1db7e0a01655dd43d783974e33de023521a2622f4c7f912dacb87a
SHA512

4793e2a8f69234def15999020cc9c496d2253fdf6fe7ed1c277ea042db7fa0c8eea977770ce02371f7c2e15edc4bc7a05903908edf642f7598be514899630b59
SSDEEP

384:1dVO6hO4YvtdYKx4JKVOvt6Uhy79RbA3NXzWF7fJniCq1O0fOA1Ce8obOF8HuW:1dlh/eS116bvUxzgfw7OAQbW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6396d8eecda22a00ca2fa200b40763a7_JaffaCakes118

Files

6396d8eecda22a00ca2fa200b40763a7_JaffaCakes118
.sys windows:4 windows x86 arch:x86

d368faebcb2f391aef1e36acd04444f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
wcsrchr
memcpy
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStack
ZwClose
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
swprintf
_strnicmp
IoGetCurrentProcess
strlen
wcscat
wcscpy
wcslen
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoCreateSymbolicLink
KeQuerySystemTime
ZwSetValueKey
ZwDeviceIoControlFile
IoDeleteSymbolicLink
ExFreePool
PsGetCurrentProcessId
_stricmp
PsLookupProcessByProcessId
PsGetCurrentThreadId
InterlockedExchange
_wcsnicmp
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
KeServiceDescriptorTable
ZwOpenKey
ZwEnumerateKey
MmGetSystemRoutineAddress
memset
IoDetachDevice
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
RtlCopyUnicodeString
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
IoFreeIrp
ObQueryNameString
memmove
KeUnstackDetachProcess
sprintf
ZwAllocateVirtualMemory
KeStackAttachProcess
ObOpenObjectByPointer
PsProcessType
ZwDeleteKey
ZwSetInformationFile
ZwWriteFile
ZwCreateKey
ZwQueryValueKey
ZwReadFile
ZwQueryInformationFile
wcsstr
wcschr
IofCompleteRequest
MmUnmapIoSpace
MmMapIoSpace

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d368faebcb2f391aef1e36acd04444f1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 292B

.data Size: 4KB - Virtual size: 3KB

PAGE Size: 8KB - Virtual size: 7KB

INIT Size: 5KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 292B

.data
Size: 4KB - Virtual size: 3KB

PAGE
Size: 8KB - Virtual size: 7KB

INIT
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB