71bfaf0d8558f8cebc463767a3879e97_JaffaCakes118

General

Target

71bfaf0d8558f8cebc463767a3879e97_JaffaCakes118
Size

39KB
MD5

71bfaf0d8558f8cebc463767a3879e97
SHA1

32d84f715529e0ce9de16f1537c7427b3b5342e4
SHA256

9224407c138c9b643db0407fa86933bae260d4a2f777aed4a2481c8fd82b6b0e
SHA512

210caf01d540ec6b7e9fbe164d3f5347c26bca5d83e0e75c3f7c8cea4e2ebe2daecd3b6ad86cc3c7ebb777df7c22f02c1dc5aa6a55452e0863b1eb3e0b435877
SSDEEP

768:r2XYSikC49eQjxyzPyn4sqs10OdJ5Kl8yM71iEkJceeLe8QEEh+oxwh2eD:sv1C49eQj4KnEW3dJ5KxM4iBQEEh+n2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71bfaf0d8558f8cebc463767a3879e97_JaffaCakes118

Files

71bfaf0d8558f8cebc463767a3879e97_JaffaCakes118
.sys windows:4 windows x86 arch:x86

05ff3a61181580aaee43534ba59397bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ZwSetValueKey
_except_handler3
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
RtlCopyUnicodeString
wcsstr
_wcslwr
swprintf
_stricmp
_wcsnicmp
wcslen
strncpy
PsLookupProcessByProcessId
RtlAnsiStringToUnicodeString
ZwSetInformationFile
ZwCreateFile
wcscpy
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snwprintf
ObReferenceObjectByHandle
IoGetCurrentProcess
ZwCreateKey
_snprintf
ZwDeleteKey
wcsncpy
MmIsAddressValid
PsGetVersion
PsSetCreateProcessNotifyRoutine
wcscat
_wcsicmp
RtlCompareUnicodeString
wcsrchr
IoDeviceObjectType
IofCompleteRequest
strncmp
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
PsCreateSystemThread
wcschr
KeTickCount
KeQueryTimeIncrement

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 61B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05ff3a61181580aaee43534ba59397bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 61B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 61B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB