9499f7f16b9bf1396062311e61005810_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9499f7f16b9bf1396062311e61005810_JaffaCakes118
Size

15KB
MD5

9499f7f16b9bf1396062311e61005810
SHA1

b015bb0afabedac6829b575719325d63f757c4a7
SHA256

46e647588fe31e47714a09da172b8ac4d1fb5c0f7074a745c93521087b7b23a3
SHA512

e52242b96a19065b95200fbab078101a6aefb0463ee2a9aeabf5a78f1e776aee1b645b75b40ac1d795fa000f116bd1fe6aacd10ff3dca01e40b8b76f09da1296
SSDEEP

384:9cMcRvRi36q0rj5iR6SRvI+v0xBWZ8NWKcF:9cxR5e6q0rs44w40xHr6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9499f7f16b9bf1396062311e61005810_JaffaCakes118

Files

9499f7f16b9bf1396062311e61005810_JaffaCakes118
.sys windows:5 windows x86 arch:x86

dfd5a1a62e98873be78f44ec131991a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORKDI~1\SysV2\SysV2\objfre_w2k\i386\autolive.pdb

Imports

ntoskrnl.exe

ZwCreateFile
ZwSetValueKey
ZwClose
ZwCreateKey
ZwQueryValueKey
KeServiceDescriptorTable
RtlInitUnicodeString
RtlCompareMemory
IofCompleteRequest
RtlFreeUnicodeString
swprintf
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlFreeAnsiString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
wcscat
_strlwr
RtlUnicodeStringToAnsiString
wcsrchr
_wcslwr
ZwEnumerateKey
ZwDeleteFile
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
ExFreePool
ZwWriteFile
ZwReadFile
ExAllocatePoolWithTag
wcscpy
ZwDeleteValueKey
strncmp
IoGetCurrentProcess
PsTerminateSystemThread
KeDelayExecutionThread
wcscmp
DbgPrint
InterlockedIncrement
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
sprintf
_stricmp
strncpy
PsLookupProcessByProcessId
wcslen
_snprintf
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
MmIsAddressValid
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfd5a1a62e98873be78f44ec131991a0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 384B - Virtual size: 361B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 766B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 384B - Virtual size: 361B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 766B