8bef026bce0e3298d08043682c5d6a36_JaffaCakes118

General

Target

8bef026bce0e3298d08043682c5d6a36_JaffaCakes118
Size

820KB
MD5

8bef026bce0e3298d08043682c5d6a36
SHA1

0be637f08d4e91422314a8600d6646236329631d
SHA256

c6e846bc52049a1171f8efd8e0581c84343772952a0743ccfc86a10f72497f19
SHA512

95aa3f745b0416f8adf28214925b006025dbf0d22af8d889f05070a6a8a40826d48d4ba97f071b13819b20d0822980723934ed295c070ac76ee5afe52f9bf01d
SSDEEP

6144:CH/hRFKf++4DQGfLU2a8yEM3UDLqEu9oz6lFUP+I4Jvnfz+3hSxWEIFpMOo1TDb5:5+RHInz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bef026bce0e3298d08043682c5d6a36_JaffaCakes118

Files

8bef026bce0e3298d08043682c5d6a36_JaffaCakes118
.sys windows:5 windows x86 arch:x86

8bcf3a9195e452d2a7764459baf44111

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BuildBkav\BkavSysLib\SysLibX\SysLibX\SysLib4.pdb

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
strncpy
strcpy
strrchr
wcsncpy
wcscpy
wcsrchr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
_except_handler3
ZwClose
ZwQueryInformationFile
ZwOpenFile
RtlAppendUnicodeStringToString
memset
RtlInitUnicodeString
ZwSetInformationFile
_stricmp
strcat
strstr
_strupr
wcsncmp
tolower
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
IofCompleteRequest
_strlwr
ZwQueryValueKey
RtlFreeUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetDeviceObjectPointer
KeReadStateEvent
MmIsAddressValid
_allmul

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bcf3a9195e452d2a7764459baf44111

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 379KB - Virtual size: 378KB

.rdata Size: 417KB - Virtual size: 417KB

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 379KB - Virtual size: 378KB

.rdata
Size: 417KB - Virtual size: 417KB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 20KB - Virtual size: 19KB