744f224f3ef96aff0e428bb33d2097b7_JaffaCakes118

General

Target

744f224f3ef96aff0e428bb33d2097b7_JaffaCakes118
Size

6KB
MD5

744f224f3ef96aff0e428bb33d2097b7
SHA1

bac152de54f6c42c54870585c081fa4be002be35
SHA256

52559f4803ea13597a07df65ecaa86ffdba91e9cb1d51a28050927d509abef86
SHA512

01e6d71a6ff97ec75baba445a5e06776af44b2d50e99bdfe21b2e18d808f07bf1439665d8807c39ea244f7435cd92fb39d71b471c97e60fa2c7ccf47ab0e589d
SSDEEP

96:S/pnu0uuKFf2rYwM7NRvbRAX++cWy8tO:SpCfIM7NRj6A8O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
744f224f3ef96aff0e428bb33d2097b7_JaffaCakes118

Files

744f224f3ef96aff0e428bb33d2097b7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

bc067a55c21672ca8d31809a6650fc2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\proser\objfre_wxp_x86\i386\ProSer.pdb

Imports

ntoskrnl.exe

strncpy
IoGetCurrentProcess
IofCompleteRequest
strncmp
ZwClose
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePoolWithTag
_strnicmp
MmIsAddressValid
KeDetachProcess
KeAttachProcess
KeWaitForSingleObject
KeSetTimer
KeInitializeTimerEx
_allmul
PsLookupProcessByProcessId
_stricmp
KeServiceDescriptorTable
MmHighestUserAddress
ZwQueryInformationProcess
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Init
Size: 128B - Virtual size: 82B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 728B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc067a55c21672ca8d31809a6650fc2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 1KB

Init Size: 128B - Virtual size: 82B

.rdata Size: 256B - Virtual size: 205B

.data Size: 640B - Virtual size: 584B

INIT Size: 768B - Virtual size: 728B

.rsrc Size: 896B - Virtual size: 776B

.reloc Size: 256B - Virtual size: 232B

.text
Size: 2KB - Virtual size: 1KB

Init
Size: 128B - Virtual size: 82B

.rdata
Size: 256B - Virtual size: 205B

.data
Size: 640B - Virtual size: 584B

INIT
Size: 768B - Virtual size: 728B

.rsrc
Size: 896B - Virtual size: 776B

.reloc
Size: 256B - Virtual size: 232B