716135362895f9c0c37ebaefa580717c_JaffaCakes118

General

Target

716135362895f9c0c37ebaefa580717c_JaffaCakes118
Size

31KB
MD5

716135362895f9c0c37ebaefa580717c
SHA1

a7095f1a3094a2f3652cd8c13bb6775832c01980
SHA256

40e4e85455d8fc94c64068f2627b152040f93dae366539d184f845545399a00f
SHA512

c7a3968cf1eec081faebdd0285349c50cb1f6b2a50a421e3f64d0238a1917a7962423f35880f0626783386d627afc3a3dc66297f9fdbac4e3d48e1efbc01f5ad
SSDEEP

768:CJNc3IHmnmG/wohScthbVwPgWd8gueQ6GUh:CJ+YHT9ohScDVWQg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
716135362895f9c0c37ebaefa580717c_JaffaCakes118

Files

716135362895f9c0c37ebaefa580717c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3d7894af9c84912f6870fbb217719fd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUnregisterCallback
ExFreePoolWithTag
ExVerifySuite
ExNotifyCallback
ExInitializeRundownProtection
ExAllocatePool
ExRegisterCallback
RtlDelete
strncat
ObGetObjectSecurity
ExUuidCreate
strncmp
VerSetConditionMask
ZwQuerySymbolicLinkObject
_wcsnicmp
wcsncpy
ZwPowerInformation
RtlUnicodeStringToAnsiString
ZwDeleteValueKey
RtlInitString
RtlCompareString
ZwSetInformationFile
ZwMakeTemporaryObject
wcsstr
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ZwDeleteFile
RtlCopyUnicodeString
RtlUnicodeStringToInteger
wcsncmp
ZwQueryInformationFile
ZwOpenSection
ObReferenceObjectByPointer
RtlSplay
IoAllocateMdl
ZwOpenKey
memset

Exports

Exports

_Delete_TempSysFile@4
_Insert_TmpSysFile@8

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d7894af9c84912f6870fbb217719fd0

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 456B

.data Size: 512B - Virtual size: 128B

const Size: 512B - Virtual size: 512B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 456B

.data
Size: 512B - Virtual size: 128B

const
Size: 512B - Virtual size: 512B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 312B