a12cc389f049e8e92dee2ae37c57fbeb_JaffaCakes118

General

Target

a12cc389f049e8e92dee2ae37c57fbeb_JaffaCakes118
Size

51KB
MD5

a12cc389f049e8e92dee2ae37c57fbeb
SHA1

42dd0c2af939f9f77974287c43f1d1e205caf3e0
SHA256

6d30e567bef6649599aa76a34ba8252f7f59443b81776be3535d3cdc49e435bc
SHA512

da4ed3d7e922f788b875b9b1913688d1d3899887dd69a1097efe7068fd168ca6217a5fe0d240ee79481eeddef996c3e5680b1fa0466ad149f96f4a7035055c43
SSDEEP

1536:L8ijQ4qGiMsd7nP1yQ42P1u8eRXzsLDCktbb2/ZdoHF36PLLYzkoI79aSHX:L8o7sdHPg8eRYLDChoQPUkL7b3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a12cc389f049e8e92dee2ae37c57fbeb_JaffaCakes118

Files

a12cc389f049e8e92dee2ae37c57fbeb_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7606a82f6fd613eea77a1a4ee19a617b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsncmp
wcslen
towlower
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 192B - Virtual size: 167B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7606a82f6fd613eea77a1a4ee19a617b

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 192B - Virtual size: 167B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 992B - Virtual size: 992B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 192B - Virtual size: 167B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 992B - Virtual size: 992B