7488bf509be7420c53fa149f6b724d08_JaffaCakes118

General

Target

7488bf509be7420c53fa149f6b724d08_JaffaCakes118
Size

19KB
MD5

7488bf509be7420c53fa149f6b724d08
SHA1

e6d16d8d6c57270d8ce52e0b7a182f9f79a63f2e
SHA256

6021e8a99afb0b8158280bc81bbf5477f05051ec0c80d14d983216779cae65fd
SHA512

b56eed870eeccf55773aa12e32deb2964bca5efb0df80b78f70c6a711d3112a07fa399d51146c5055f8ddd433a7d9356f6efe2752f887e385b20a72b9e8e6f46
SSDEEP

384:J6Vv+QFrRauepDy+2+i5nUgw7cKxNhbOeJgG0bqmcK:0Vv+GcY1+i5b2xNVR9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7488bf509be7420c53fa149f6b724d08_JaffaCakes118

Files

7488bf509be7420c53fa149f6b724d08_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a13fffb0b9f4b740d4c3d0bd72e649ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
CcDeferWrite
RtlFreeUnicodeString
ExInitializeRundownProtection
XIPDispatch
PsGetJobSessionId
MmUserProbeAddress
KeReadStateMutex
IoVerifyVolume
memset
RtlCompareUnicodeString
ZwOpenEvent
RtlAnsiStringToUnicodeString
RtlCaptureStackBackTrace
RtlInitializeGenericTableAvl
ZwSetInformationFile
CcCopyWrite
_CIsin
strcmp
KeInitializeTimerEx
_strrev
NtQueryInformationFile
Ke386SetIoAccessMap
RtlFillMemory
mbtowc
PsGetCurrentProcessSessionId
KeInsertByKeyDeviceQueue
memcpy
RtlImageNtHeader
RtlEnumerateGenericTable
RtlInitString
IoCreateStreamFileObject
InitSafeBootMode
CcFlushCache
KeReleaseMutex
ExFreePoolWithTag
DbgPrint
FsRtlNotifyReportChange
ZwSetVolumeInformationFile
PsGetProcessExitTime
ExAllocatePool
RtlInitializeUnicodePrefix

Exports

Exports

PoDmjd
XjImjyyxKdwavHqv
XgsEhxxYl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a13fffb0b9f4b740d4c3d0bd72e649ac

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: - Virtual size: 4B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: - Virtual size: 4B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 64B