a8935aec1bab4df72bf0121ace59fa45_JaffaCakes118

General

Target

a8935aec1bab4df72bf0121ace59fa45_JaffaCakes118
Size

17.0MB
MD5

a8935aec1bab4df72bf0121ace59fa45
SHA1

747030e874d6ddb8a16433abd1b24d72271194be
SHA256

c8824da56cde70710bf6b7da0faa7d57ddbb6f952b87ee70026d2d824f45ddb0
SHA512

cab44296f451c7da38cf39d75463480ce8143950222eb7cb05023bdae28fb3086bd1330d3f02bd5266c83e9c82e9e855bb2a332f5b44162efad708550a94cc50
SSDEEP

98304:lNdM9hmUjYf/6g4fiUKRv/6g4fiUKRW/6g4fiUKR2WlkJ+qQaxf8:lNe9kb63iUIn63iUIk63iUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8935aec1bab4df72bf0121ace59fa45_JaffaCakes118

Files

a8935aec1bab4df72bf0121ace59fa45_JaffaCakes118
.sys windows:5 windows x86 arch:x86

553db1c071616757679fb78a9e50cc52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BuildBkav3\BkavSysLib\SysLibX\SysLibX\SysLib3.pdb

Imports

ntoskrnl.exe

_except_handler3
memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
_stricmp
memset
strcmp
strcat
strncat
strlen
strncpy
strcpy
strncmp
strrchr
wcsncpy
wcscpy
wcsrchr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
ZwClose
ZwQueryInformationFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlInitUnicodeString
ZwSetInformationFile
strstr
_strupr
wcsncmp
tolower
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
IofCompleteRequest
_strlwr
ZwQueryValueKey
RtlFreeUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetDeviceObjectPointer
KeReadStateEvent
MmIsAddressValid
_allmul

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

553db1c071616757679fb78a9e50cc52

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7.4MB - Virtual size: 7.4MB

.rdata Size: 9.2MB - Virtual size: 9.2MB

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 476KB - Virtual size: 476KB

.text
Size: 7.4MB - Virtual size: 7.4MB

.rdata
Size: 9.2MB - Virtual size: 9.2MB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 476KB - Virtual size: 476KB