824c19c3e96be24115fbc34fbc369678_JaffaCakes118

General

Target

824c19c3e96be24115fbc34fbc369678_JaffaCakes118
Size

48KB
MD5

824c19c3e96be24115fbc34fbc369678
SHA1

38b5ab84f3d60a6bca0131ced887e6af2f06f4f2
SHA256

a5bf37681f76f65aedba7f7683cc41440455d4a470f84d8d6b4e3c885b549983
SHA512

d30d5bcd6d187d26fb5e888fc10b7f3d709c35cebf393b98baba8f753da13bbdaad08bc449816e7eeba79c2f06b858b9f9ccab714d0e13ba9031bacf62eb00f6
SSDEEP

768:qv/DXCVq1EpdiMBCsunai3oOAzAdVTMrADiTPTjioe0ean6c5Xb:YjC3sL3AvdPI04cR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
824c19c3e96be24115fbc34fbc369678_JaffaCakes118

Files

824c19c3e96be24115fbc34fbc369678_JaffaCakes118
.sys windows:4 windows x86 arch:x86

5b7f3c895666693ae72a8ebe2fbdac6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
MmIsAddressValid
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
ZwCreateFile
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
MmGetSystemRoutineAddress
ZwUnmapViewOfSection

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 864B - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b7f3c895666693ae72a8ebe2fbdac6d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 128B - Virtual size: 112B

INIT Size: 864B - Virtual size: 834B

.rsrc Size: 928B - Virtual size: 912B

.reloc Size: 736B - Virtual size: 722B

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 128B - Virtual size: 112B

INIT
Size: 864B - Virtual size: 834B

.rsrc
Size: 928B - Virtual size: 912B

.reloc
Size: 736B - Virtual size: 722B