788d3087e7137a0658ba5c198a855024_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

788d3087e7137a0658ba5c198a855024_JaffaCakes118
Size

40KB
MD5

788d3087e7137a0658ba5c198a855024
SHA1

b52b26be28582fefa7afde058993fa65e71eb0ff
SHA256

195a499405c70828abd5a02fe928b5fb2b14deecfb134a280e338b8bb7f752e1
SHA512

6964d8f7f3f48f5cefa7e682f47b1a631e46c3769fd5b6ef7f8da452c659669c93bb9fab0fe49f0d17a317b8ffd35da77f85db5425160656407b93bac1a352eb
SSDEEP

768:/boyapsT14ybipvyAC8ijXmXNqNkcA/5gdIePOUahKxAZhcTAR:/M9OTKybipvyAijXcwZIePOUanfCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
788d3087e7137a0658ba5c198a855024_JaffaCakes118

Files

788d3087e7137a0658ba5c198a855024_JaffaCakes118
.sys windows:4 windows x86 arch:x86

d7fc6950afcfaadc62e2229a735c10e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
ZwClose
swprintf
ZwOpenKey
RtlInitUnicodeString
_snwprintf
wcsncpy
wcslen
wcschr
ZwSetValueKey
ObReferenceObjectByHandle
ObfDereferenceObject
ExFreePool
ExAllocatePoolWithTag
wcsstr
_wcslwr
_wcsnicmp
strncpy
IoGetCurrentProcess
ZwDeleteKey
ZwSetInformationFile
ZwCreateFile
wcscpy
ZwQueryValueKey
_except_handler3
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
KeDelayExecutionThread
KeQuerySystemTime
MmIsAddressValid
wcsrchr
_stricmp
IofCompleteRequest
wcscat
ZwCreateKey
IoDeviceObjectType
_wcsicmp
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
RtlCompareUnicodeString
_snprintf
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 77B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7fc6950afcfaadc62e2229a735c10e0

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 77B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 77B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB