a3224c952b1ee919c79d0da146b86ffe_JaffaCakes118

General

Target

a3224c952b1ee919c79d0da146b86ffe_JaffaCakes118
Size

37KB
MD5

a3224c952b1ee919c79d0da146b86ffe
SHA1

1610a1707866c30ce85db508b2219f02866156c0
SHA256

d09c9928d95d3790f4bb905e0dba65e179718b3814a65df9c94d1a3c305a44a4
SHA512

af2e90ef366ba90d59f18777966cee798a9a63e68a510851ecf9277aba206b6b6609f6a8b9d61918a78f8339b8c781d2333c082b7db41da58655d4321ea5ae1f
SSDEEP

768:t4nPYadHkPd0UMsd+vRthlso9gO5aTVOXiJ6:enlHqd01sduRthyoR5gV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3224c952b1ee919c79d0da146b86ffe_JaffaCakes118

Files

a3224c952b1ee919c79d0da146b86ffe_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3c5d35b48e6d1bd8243ba22bafb07c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp
wcslen
_snwprintf
wcsncpy
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
RtlCompareUnicodeString
ZwSetValueKey
ZwClose
ObfDereferenceObject
MmIsAddressValid
strncpy
IoGetCurrentProcess
ZwCreateKey
swprintf
wcsrchr
PsCreateSystemThread
_wcsicmp
ZwSetInformationFile
ZwCreateFile
wcscpy
PsLookupProcessByProcessId
_stricmp
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
ZwQueryValueKey
strncmp
ZwOpenKey
IofCompleteRequest
wcscat
_except_handler3
KeTickCount
KeQueryTimeIncrement
wcsstr
_wcslwr
IoDeviceObjectType
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
ZwDeleteKey
KeQuerySystemTime
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
IoRegisterDriverReinitialization

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 68B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c5d35b48e6d1bd8243ba22bafb07c2c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 5B

PAGE Size: 96B - Virtual size: 68B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 5B

PAGE
Size: 96B - Virtual size: 68B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB