838f5b101afdd12793bb3c3a305a458a_JaffaCakes118

General

Target

838f5b101afdd12793bb3c3a305a458a_JaffaCakes118
Size

19KB
MD5

838f5b101afdd12793bb3c3a305a458a
SHA1

c0b442e7c53309365bd5802df4d6522688b0d289
SHA256

44ec33884349ddbe65eb68812be56eb01db0233ffcefd59601ae9e2eed17977d
SHA512

3abd7e4aa568f712c380135efb04db6d82cf1868531effb0cbd9daecc06e3a2a65c7b19c5b4bb2238924092e5cdfc9f75ba6172c45716b52514ec4296bc7f541
SSDEEP

384:HHzo7X5BoTs9yxVNg1LL4jSg7EKqfXWX+3t4moNxsjv9hPr2C:ziqTs2vgR4tqvWu3PoNxW1Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
838f5b101afdd12793bb3c3a305a458a_JaffaCakes118

Files

838f5b101afdd12793bb3c3a305a458a_JaffaCakes118
.sys windows:4 windows x86 arch:x86

74f59ecd77e23ba9b9961467b5bf75c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeRundownProtection
RtlImageNtHeader
RtlFindLongestRunClear
PsRestoreImpersonation
strcmp
CcRemapBcb
FsRtlInitializeMcb
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoReportResourceForDetection
CcGetDirtyPages
FsRtlNotifyFilterChangeDirectory
CcPurgeCacheSection
KeInsertQueueDpc
MmIsAddressValid
FsRtlIsNtstatusExpected
NtDuplicateObject
RtlInt64ToUnicodeString
NtAllocateUuids
ExFreePoolWithTag
READ_REGISTER_BUFFER_ULONG
ZwCreateFile
RtlReserveChunk
FsRtlLookupLastLargeMcbEntry
ZwDisplayString
ZwQueryInformationProcess
KeStackAttachProcess
DbgPrint
IoWritePartitionTableEx
KdDebuggerEnabled
ExAllocatePool
strchr

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74f59ecd77e23ba9b9961467b5bf75c8

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 884B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 884B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 80B