9433b293ebb3a8d04b6ec3997d0a08f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9433b293ebb3a8d04b6ec3997d0a08f1_JaffaCakes118
Size

40KB
MD5

9433b293ebb3a8d04b6ec3997d0a08f1
SHA1

8f060ac0f1c6046b8662ec18ea95d0a41a6f10be
SHA256

c04170b0b81af87adc8b36c8e61474ffb717309e53a0e49b415324949b09af36
SHA512

eaa337041c7183a33e52b87bc3c96d10a48306b1286f8fb104ef99840e8ea057e1432bcee42f2eddb0e6421b13b75fe6742476fe9e536d02fe7b5f7bdf457587
SSDEEP

768:LkObFmdApEXgfQS/67DeWnspNqLJaoXOpI4Rr3XpFfVWy3/N:DUdApOlS/gDeWsSJ/An1W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9433b293ebb3a8d04b6ec3997d0a08f1_JaffaCakes118

Files

9433b293ebb3a8d04b6ec3997d0a08f1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

76db2ae48e4a06c115f4b8e14dd70c73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
_snwprintf
wcsncpy
wcslen
wcschr
ZwCreateKey
RtlInitUnicodeString
swprintf
wcsrchr
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwDeleteKey
KeQuerySystemTime
MmIsAddressValid
IoDeviceObjectType
_wcsnicmp
PsCreateSystemThread
ObfDereferenceObject
ObReferenceObjectByHandle
RtlAnsiStringToUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
MmGetSystemRoutineAddress
wcscat
wcscpy
_wcsicmp
IoRegisterDriverReinitialization
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlCompareUnicodeString
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
strncpy
IoGetCurrentProcess
strncmp
KeTickCount
KeQueryTimeIncrement
_stricmp
ZwCreateFile
wcsstr
_wcslwr
ZwSetInformationFile
PsLookupProcessByProcessId
PsGetVersion

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76db2ae48e4a06c115f4b8e14dd70c73

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 69B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 69B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB