68164f1c69f894c72cf3641b0a6f9a7b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68164f1c69f894c72cf3641b0a6f9a7b_JaffaCakes118
Size

41KB
MD5

68164f1c69f894c72cf3641b0a6f9a7b
SHA1

1036027b8c5571a927fdad7dda6e6f6bdb702584
SHA256

41f0ef0e3323735551b1061a1a71aab8dcfa02ba3610914fb95e729d5496cf46
SHA512

24792b8a944e456ceca3a6bfcce0e701366dcbb70ff3c975061096ed0b5fe3951ad7448c53ef6015c9551360139582e334b37533a92292f20176e52a01a8686f
SSDEEP

768:wdisJFdyIWuE7tBPlPLSwexsOzCkk9VukBw12oH70RP5uYD5kfchztVBHN3q:S7fyIWu+tBNPFeaOoV870J5u9UJtVBH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68164f1c69f894c72cf3641b0a6f9a7b_JaffaCakes118

Files

68164f1c69f894c72cf3641b0a6f9a7b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1e58cf2bf0699e0866087018f7d1056e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ZwDeleteKey
swprintf
ZwSetValueKey
wcslen
ZwQueryValueKey
ZwOpenKey
_except_handler3
MmIsAddressValid
strncpy
PsLookupProcessByProcessId
_stricmp
ZwSetInformationFile
ZwCreateFile
wcscpy
ObfDereferenceObject
ObReferenceObjectByHandle
wcsncpy
wcsrchr
wcscat
_wcsicmp
KeTickCount
KeQueryTimeIncrement
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
_wcsnicmp
KeQuerySystemTime
strncmp
MmGetSystemRoutineAddress
ZwCreateKey
RtlCopyUnicodeString
_snwprintf
wcschr
IoDeviceObjectType
ExFreePool
_snprintf
ExAllocatePoolWithTag
IoGetCurrentProcess
wcsstr
_wcslwr
PsGetVersion
IoRegisterDriverReinitialization
KeDelayExecutionThread
IofCompleteRequest

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e58cf2bf0699e0866087018f7d1056e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 66B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 66B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB