663e55af3bfe214235a467bf063db71d_JaffaCakes118

General

Target

663e55af3bfe214235a467bf063db71d_JaffaCakes118
Size

50KB
MD5

663e55af3bfe214235a467bf063db71d
SHA1

d0dc7f68faa9b3648166f0d37574b1c6bed7e558
SHA256

73e3c7c5d75f1fcb538bcc1e26f8e3bb8a5f171378a0fd2c457466cfee8a7835
SHA512

c331056f9c9846d92637127ec1dd94f6d5e990cce1d68cc957e29d3d35e5b8282a2016fc4c9f8f709f8a4aee51c0b4babdc44a6cf507824fbd2e5ea2d06816b1
SSDEEP

768:4ZDHB68s1XLldCRN/FCnYhE/JUfC4vDVprRWzPwukVKzS/zp//7za7Ow9IQANMIb:4tHt/3VKqTNzOat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
663e55af3bfe214235a467bf063db71d_JaffaCakes118

Files

663e55af3bfe214235a467bf063db71d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7507752f72d8b411f49fdc0fd7cea415

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
IofCompleteRequest
IoGetCurrentProcess
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
strncmp
PsGetVersion
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
MmGetSystemRoutineAddress
wcsstr
wcsncmp
towlower
ZwCreateFile
IoRegisterDriverReinitialization
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcscat
wcscpy
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
ZwDeleteValueKey
KeDelayExecutionThread
ZwEnumerateKey

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 241B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7507752f72d8b411f49fdc0fd7cea415

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 256B - Virtual size: 241B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 928B - Virtual size: 922B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 256B - Virtual size: 241B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 928B - Virtual size: 922B