6f9eb4f44c1ddec3a2f2a721935b9299_JaffaCakes118

General

Target

6f9eb4f44c1ddec3a2f2a721935b9299_JaffaCakes118
Size

36KB
MD5

6f9eb4f44c1ddec3a2f2a721935b9299
SHA1

566c9d0ecbda2696c6df32819772704d0bd0b5fd
SHA256

92f18890b8b3ec465f8fb537cf9af3af2f2e434abe248f6d00d4d2d184f318a2
SHA512

df50aafe4201af603a4e5b4f772f0768fd9258e4f37cfc825cbf28842ad1401396dc6c0910c090bc99bb59f813f8c1b9777a726f57f288807f0b8c553a9118ad
SSDEEP

768:qU6hwXP1kM0iZ3DUwau4AI9rLntgHJm/4OHcQzzkffGWOq:qUz/1kkpDCu4ZtX/bt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9eb4f44c1ddec3a2f2a721935b9299_JaffaCakes118

Files

6f9eb4f44c1ddec3a2f2a721935b9299_JaffaCakes118
.sys windows:4 windows x86 arch:x86

2f1d8dfb5cc300168ef449d17b3e37cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
ZwCreateKey
RtlInitUnicodeString
_stricmp
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
IofCompleteRequest
ZwSetInformationFile
ZwCreateFile
wcscpy
swprintf
wcsncpy
wcsrchr
ZwQueryValueKey
ZwOpenKey
_except_handler3
wcsstr
_wcslwr
wcscat
_snwprintf
wcschr
PsCreateSystemThread
KeDelayExecutionThread
KeQuerySystemTime
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsicmp
MmGetSystemRoutineAddress
KeTickCount
strncmp
IoGetCurrentProcess
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmIsAddressValid
IoDeviceObjectType
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwDeleteKey
KeQueryTimeIncrement
ZwQueryKey
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f1d8dfb5cc300168ef449d17b3e37cc

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 96B - Virtual size: 76B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 96B - Virtual size: 76B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB