83ad77ee04811cd94e46e6edb2f402fc_JaffaCakes118

General

Target

83ad77ee04811cd94e46e6edb2f402fc_JaffaCakes118
Size

8KB
MD5

83ad77ee04811cd94e46e6edb2f402fc
SHA1

3357b7843a632de9a4db365c8171c576966608b0
SHA256

008b7a5fb310bff095e376688cb1df15e3bca0b0ec5b4e098a989da722beb6be
SHA512

f669b2dd5394bcca1f5d662a160022f705ab4878c7816015884c66a9f6725a4a5fb3c675a9e69e570d699afa12a8469e1c9afb9597ca7c551a701db2ec13a8fc
SSDEEP

192:JcJs1+7WjBZqdHXNoAJtAtpz/4E5VrAO/vAghFWBxy:JiWjBZ29oytGz/423hFGxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83ad77ee04811cd94e46e6edb2f402fc_JaffaCakes118

Files

83ad77ee04811cd94e46e6edb2f402fc_JaffaCakes118
.sys windows:5 windows x86 arch:x86

87f608b9468a0c61e849d7b00ba5a726

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
ExFreePool
strncat
ZwQuerySystemInformation
wcscmp
_except_handler3
_stricmp
PsGetVersion
RtlCompareMemory
RtlInitUnicodeString
wcslen
strncpy
DbgPrint
strncmp
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ZwUnmapViewOfSection
ZwClose
ObfDereferenceObject
ExAllocatePoolWithTag

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87f608b9468a0c61e849d7b00ba5a726

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 552B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 552B