722d50bedb3b663d8f4a9e6838c3128f_JaffaCakes118

General

Target

722d50bedb3b663d8f4a9e6838c3128f_JaffaCakes118
Size

98KB
MD5

722d50bedb3b663d8f4a9e6838c3128f
SHA1

57a70472a6c79d4d2a76f796c43741dd76b3c4d6
SHA256

2e582f1b700a4bad986953e56c6529edcabc60d131deef6f707a50b8343aacf6
SHA512

2d6fbb8e903d5aa5c2c590fb5949014c165bf0d1095cf57526f68d4244c33c18c25eedb96c8e2b75e86679cd3f2283fd896d03eeec080556a36a1580b00cf70d
SSDEEP

3072:CUugX0vPOJFtpAWz+34lacBXkD0E8Ct+GztSixaD:nTFtpAWDhteF7t5tzx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
722d50bedb3b663d8f4a9e6838c3128f_JaffaCakes118

Files

722d50bedb3b663d8f4a9e6838c3128f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6d05404748f6106b3e03cd63bdbcb796

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

CcZeroData
ExSetResourceOwnerPointer
ExEventObjectType
IoWMIWriteEvent
ZwQueryDefaultLocale
ZwQuerySystemInformation
RtlUnicodeStringToOemSize
SeReleaseSecurityDescriptor
RtlUnicodeToMultiByteSize
KeDetachProcess
ExFreePool
IoDeleteDevice
IoDeleteController
ExQueueWorkItem
FsRtlUninitializeLargeMcb
MmUnmapVideoDisplay
ExInterlockedPushEntrySList
_wcsupr
ExInterlockedInsertTailList
ExAllocatePool
IoRequestDeviceEject
strspn
KiDispatchInterrupt
RtlDecompressBuffer
IoSetShareAccess
KeIsExecutingDpc
RtlGenerate8dot3Name
IoQueueThreadIrp
KeSetKernelStackSwapEnable
MmTrimAllSystemPagableMemory
FsRtlIsHpfsDbcsLegal
CcMdlRead
SeUnregisterLogonSessionTerminatedRoutine
ZwSetSystemTime
RtlAreAllAccessesGranted
IoIsValidNameGraftingBuffer
IoReportHalResourceUsage
RtlCopySid
RtlPrefixUnicodeString
RtlPrefetchMemoryNonTemporal
RtlAreAnyAccessesGranted

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d05404748f6106b3e03cd63bdbcb796

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 80KB - Virtual size: 80KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 80KB - Virtual size: 80KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB