68a51721a834418217861d3a4ea90908_JaffaCakes118

General

Target

68a51721a834418217861d3a4ea90908_JaffaCakes118
Size

51KB
MD5

68a51721a834418217861d3a4ea90908
SHA1

b94152698e0bc654c8f5c503f9768dfb3bbcfe9b
SHA256

c8a0651597a8bfbe9224a13b6f490b6389639777883abc6bc7c3eeaff88d8cb5
SHA512

32f1a4dfbdb0585153b4866c8c6d9fd2dbd8c5ecb6c0bb4736702ba72cfe1bd236696d64931111a9735d24f8ca85857990555a4a0f7a1e4ef1f0236effa63e0b
SSDEEP

1536:sJSkfiQoLkCHgMsxHf4cCROuIaqsQmP/6DAKogM:qSNk3tnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68a51721a834418217861d3a4ea90908_JaffaCakes118

Files

68a51721a834418217861d3a4ea90908_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f640eb794a59157ed7602db19083638d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsncmp
towlower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
ExFreePool
ExAllocatePoolWithTag
wcscat
wcscpy
PsCreateSystemThread
IofCompleteRequest
ZwEnumerateKey
KeDelayExecutionThread
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwDeleteValueKey

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 263B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f640eb794a59157ed7602db19083638d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 288B - Virtual size: 263B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 928B - Virtual size: 918B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 288B - Virtual size: 263B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 928B - Virtual size: 918B