8db1cdd89fc38b6965c0ae8c157870f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8db1cdd89fc38b6965c0ae8c157870f0_JaffaCakes118
Size

41KB
MD5

8db1cdd89fc38b6965c0ae8c157870f0
SHA1

adb80286ef467dba089d87276bb693905be5006e
SHA256

7605f5cd29044c50730848d00089e3766804f4a0bbe59971d45b3386ce4eeadf
SHA512

bcd9465d13c9c74c757f96568b59aaad379e2e9acaa0452b0c8907ca33169506bab6929d26a07e4687fdd86a828e8d011bdfef39a9b932977bf698a032aa8fec
SSDEEP

768:FG+QvAXOTRVwyMeAJIJB5nJ55C7cNdIiCu6/lQSfJBgq5xN06dzBU:qAXOXw5eNJB5J5w7mmiCtdQShdxi6/U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db1cdd89fc38b6965c0ae8c157870f0_JaffaCakes118

Files

8db1cdd89fc38b6965c0ae8c157870f0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9a1b644cd0cbc4b07a40df083989bc84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
ExFreePool
ZwClose
ObfDereferenceObject
_stricmp
swprintf
wcsstr
_wcslwr
_wcsicmp
strncmp
IoGetCurrentProcess
ZwOpenKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
ZwSetValueKey
wcslen
MmIsAddressValid
wcsncpy
wcschr
ZwSetInformationFile
ZwCreateFile
wcscpy
strncpy
KeQuerySystemTime
ZwQueryValueKey
_except_handler3
_snprintf
MmGetSystemRoutineAddress
wcsrchr
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
ObReferenceObjectByHandle
PsGetVersion
ZwCreateKey
KeTickCount
KeQueryTimeIncrement
PsCreateSystemThread
IoRegisterDriverReinitialization
IoDeviceObjectType
IofCompleteRequest
wcscat
_wcsnicmp
KeDelayExecutionThread
RtlCopyUnicodeString
PsLookupProcessByProcessId

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 37B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a1b644cd0cbc4b07a40df083989bc84

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 37B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 37B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB