8a45be0e58d327a35b708599d4a8de08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a45be0e58d327a35b708599d4a8de08_JaffaCakes118
Size

40KB
MD5

8a45be0e58d327a35b708599d4a8de08
SHA1

78bd7ca6d7a448b17bc4a24328c0d2f5ee8aa977
SHA256

43b0299925f3874f3fe433e65dbb5f0bfd58229cb26b6b331a60f67eb7cbc3f6
SHA512

0c9d49fd580dc9e7c405bfea4e3314c2358f2324b7549cbc4756af139f29a8f0e9f0e03cb7392d308d706d17ff12d73b5b242df22df65ad9f5f02a889c9abd5f
SSDEEP

768:ADdvwFIKSNBAD3aPolMjQEq5hKqv79ACFoJUJq/ZjxA2OoxqxrYJ2+:ADdotSNY/+jwDBvDFoJUM/Z+9o8re2+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a45be0e58d327a35b708599d4a8de08_JaffaCakes118

Files

8a45be0e58d327a35b708599d4a8de08_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c9ccab9358dc88cae47ea928b6429fb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ZwSetValueKey
_except_handler3
_stricmp
swprintf
wcsstr
_wcslwr
MmIsAddressValid
ObReferenceObjectByHandle
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
wcslen
strncmp
_wcsicmp
wcsncpy
wcsrchr
ZwCreateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
IoGetCurrentProcess
IoDeviceObjectType
wcscat
wcscpy
strncpy
PsLookupProcessByProcessId
_snwprintf
wcschr
IoRegisterDriverReinitialization
_wcsnicmp
PsGetVersion
RtlCopyUnicodeString
ObfDereferenceObject
ZwSetInformationFile
ZwCreateFile
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IofCompleteRequest
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9ccab9358dc88cae47ea928b6429fb5

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 50B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 50B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB