96474aa797afcfe140a9f7841c4414ba_JaffaCakes118

General

Target

96474aa797afcfe140a9f7841c4414ba_JaffaCakes118
Size

47KB
MD5

96474aa797afcfe140a9f7841c4414ba
SHA1

f38d799d89eda09039cae481100019d7db8c3fc0
SHA256

75dc27b6586dad69be619fc51f8f94ea88d63ddb844052f1ba758ef998876977
SHA512

c289e46d09bafe0ab04d2452c3b6522716d47c315412be47c7439dd9908d932c2ffe606cd17cf11b8950c67e106d3d2e3c5fd956e3dafe4a7665bb1dae47922c
SSDEEP

768:z7CwTZpQ9NeFnelKaGWxtLtzZXzHfcM5oEmMeGbEiGzpLi+50Ffsa0m1zTDZMewk:zji9UVjaGWP7zHfcRENbgz1ivFUa0IOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96474aa797afcfe140a9f7841c4414ba_JaffaCakes118

Files

96474aa797afcfe140a9f7841c4414ba_JaffaCakes118
.sys windows:4 windows x86 arch:x86

71b4c278a874e013c1e73f32d9dd113f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
IofCompleteRequest
IoGetCurrentProcess
MmGetSystemRoutineAddress
ZwQueryValueKey
ZwOpenKey
_except_handler3
wcscat
wcscpy
PsCreateSystemThread
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
PsGetVersion
strncpy
KeDelayExecutionThread
wcsstr
wcsncmp
towlower
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwDeleteValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 161B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 928B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71b4c278a874e013c1e73f32d9dd113f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 192B - Virtual size: 161B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 928B - Virtual size: 914B

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 192B - Virtual size: 161B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 928B - Virtual size: 914B