78e69bc417dfcdb1c23e08b86a8acd1d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

78e69bc417dfcdb1c23e08b86a8acd1d_JaffaCakes118
Size

39KB
MD5

78e69bc417dfcdb1c23e08b86a8acd1d
SHA1

0b431d121fa32376fe4d4a82912fe92b179da144
SHA256

86d62497886f8f49556ddc153205d91e9b0d10f2018b48399d3ff7605979388a
SHA512

7314f0e6bb06e98b40a647bab835b9099211fed2db874b41433f05fc61ae9f6139a149afa596e82654dcacbf5c04c91a832ab9c8e1e78b1be3a9f1d22ba124a7
SSDEEP

768:+w+VwcJHFnfI0YPrWEmuxdf8apxG0EPLUMlSUUDkF+FYe/QITw:X+VDJHF8TVmEdf8a7jWLlgUUDK+FYeID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78e69bc417dfcdb1c23e08b86a8acd1d_JaffaCakes118

Files

78e69bc417dfcdb1c23e08b86a8acd1d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0614962accf16ac391dc167d74293a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwSetValueKey
ZwClose
ZwCreateKey
RtlInitUnicodeString
PsCreateSystemThread
_wcsicmp
wcsncpy
wcslen
wcsrchr
swprintf
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ZwOpenKey
IofCompleteRequest
strncmp
strncpy
PsLookupProcessByProcessId
_stricmp
ZwSetInformationFile
ZwCreateFile
wcscpy
IoRegisterDriverReinitialization
IoDeviceObjectType
IoGetCurrentProcess
_snwprintf
wcschr
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeDelayExecutionThread
KeQuerySystemTime
ZwQueryValueKey
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
_snprintf
wcscat
MmGetSystemRoutineAddress
_wcsnicmp
ObReferenceObjectByHandle
_except_handler3
KeTickCount
KeQueryTimeIncrement
wcsstr
_wcslwr
RtlCopyUnicodeString
PsGetVersion

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 56B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0614962accf16ac391dc167d74293a62

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 56B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 56B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB