8b9fd1c70a381a486d2b486f07e1d431_JaffaCakes118

General

Target

8b9fd1c70a381a486d2b486f07e1d431_JaffaCakes118
Size

8KB
MD5

8b9fd1c70a381a486d2b486f07e1d431
SHA1

4d65b731910f615fed4dec4fda912b311c54789c
SHA256

151ca5e77e97ddebbe4c803e2f40e2ceb3804721806176c2033b1439e3465592
SHA512

74acd8e6b18d841d0540f337813c10911b6e0f3c0e8fafec7c3f109e71641ec487ca8aa9e81a507bf1376c9f55303a6d10717cf56b7e895f754c0c3a646a0ef0
SSDEEP

192:JcJM1+7WjBZqdHXNoAJtAtp2/4E5VrAO/vAghFWBxy:JCWjBZ29oytG2/423hFGxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b9fd1c70a381a486d2b486f07e1d431_JaffaCakes118

Files

8b9fd1c70a381a486d2b486f07e1d431_JaffaCakes118
.sys windows:5 windows x86 arch:x86

87f608b9468a0c61e849d7b00ba5a726

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwCreateKey
ZwSetValueKey
ExFreePool
strncat
ZwQuerySystemInformation
wcscmp
_except_handler3
_stricmp
PsGetVersion
RtlCompareMemory
RtlInitUnicodeString
wcslen
strncpy
DbgPrint
strncmp
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ZwUnmapViewOfSection
ZwClose
ObfDereferenceObject
ExAllocatePoolWithTag

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87f608b9468a0c61e849d7b00ba5a726

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 576B - Virtual size: 552B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 576B - Virtual size: 552B