a4da0c02f1fd163b43e0c1d4462eef7d_JaffaCakes118

General

Target

a4da0c02f1fd163b43e0c1d4462eef7d_JaffaCakes118
Size

40KB
MD5

a4da0c02f1fd163b43e0c1d4462eef7d
SHA1

b47645e6fa6a87fd0bda0dec92fe88c41cd7fe9e
SHA256

4365301e7d96154a04be4f618389dfc2209121cadcf00db9ff213f4fb3c15630
SHA512

8afe80068dfc0ba65e1c3df05f549c42bf7b714b19e0c9130fcbad616d982ec21f7a22dc4610383fee2a312b751f08516c58a317eb664e5adb125718ca548209
SSDEEP

768:5Bv/yKwYik5ZwZGqsoOfBomJI4p4DmSgWR9aI6yzI6/N7tS1ZNRAz1sjUG2:DRi6XfpC4umM56yzIy7g1He1sjU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4da0c02f1fd163b43e0c1d4462eef7d_JaffaCakes118

Files

a4da0c02f1fd163b43e0c1d4462eef7d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

d8d2c61c476e9f1294b6bdf0f7e8f126

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
swprintf
wcsstr
_wcslwr
ExFreePool
_snprintf
ExAllocatePoolWithTag
strncpy
IoGetCurrentProcess
ZwClose
ZwDeleteKey
ZwSetValueKey
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
ZwSetInformationFile
ZwCreateFile
RtlInitUnicodeString
wcslen
wcscpy
_wcsnicmp
strncmp
ObfDereferenceObject
ZwQueryValueKey
ZwOpenKey
IofCompleteRequest
MmIsAddressValid
IoRegisterDriverReinitialization
_wcsicmp
wcscat
_except_handler3
PsCreateSystemThread
RtlCopyUnicodeString
IoDeviceObjectType
ZwCreateKey
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
_snwprintf
KeTickCount
KeQueryTimeIncrement
wcsncpy
wcsrchr
PsGetVersion
wcschr
ObReferenceObjectByHandle
KeDelayExecutionThread
KeQuerySystemTime

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 62B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8d2c61c476e9f1294b6bdf0f7e8f126

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 62B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 62B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB