716abc8b0b38b20c4d709a83c78502f3_JaffaCakes118

General

Target

716abc8b0b38b20c4d709a83c78502f3_JaffaCakes118
Size

11KB
MD5

716abc8b0b38b20c4d709a83c78502f3
SHA1

e772c9b3387ae7124a8d0f5863f679028e73c242
SHA256

238e1613d55094f740e1a0b0085fc83741cec8d2d5d747e090c88aa75aef09c6
SHA512

61ed35032f2977c634a605add01ed3503ddcde9569a4445552bcaf6eb9e25d267c73c5c76584fb6d89f586a33644579cee3cf3eb4d9f7068fbc79484e1555b33
SSDEEP

192:jQGDrsOsgjDuCF7WHLMQZx0mQ089KIDf0EAqHTGuluJSo1LTj7F:jheCgHxev08oUf0q6S0fj7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
716abc8b0b38b20c4d709a83c78502f3_JaffaCakes118

Files

716abc8b0b38b20c4d709a83c78502f3_JaffaCakes118
.sys windows:5 windows x86 arch:x86

351b042c55f43d8ecd3c3c1506f2154e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeDelayExecutionThread
memset
ZwClose
ZwCreateEvent
IofCompleteRequest
PsGetCurrentProcessId
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoBuildDeviceIoControlRequest
memcpy
IoDeleteSymbolicLink
IoCreateDevice
ExfInterlockedInsertTailList
ExAllocatePoolWithTag
ObfDereferenceObject
ObReferenceObjectByHandle
ObOpenObjectByName
KeInitializeSpinLock
PsCreateSystemThread
ZwSetEvent
ZwOpenEvent
PsTerminateSystemThread
ZwWaitForSingleObject
KeSetEvent
IoDeleteDevice
ExFreePoolWithTag
IoCreateSymbolicLink
ExfInterlockedRemoveHeadList
DbgPrint
RtlAnsiCharToUnicodeChar

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351b042c55f43d8ecd3c3c1506f2154e

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 896B - Virtual size: 852B

.data Size: 896B - Virtual size: 784B

INIT Size: 1024B - Virtual size: 994B

.reloc Size: 512B - Virtual size: 406B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 896B - Virtual size: 852B

.data
Size: 896B - Virtual size: 784B

INIT
Size: 1024B - Virtual size: 994B

.reloc
Size: 512B - Virtual size: 406B