a71692188ac0ad5a3b5d15acce87907c_JaffaCakes118

General

Target

a71692188ac0ad5a3b5d15acce87907c_JaffaCakes118
Size

7KB
MD5

a71692188ac0ad5a3b5d15acce87907c
SHA1

7ead361b4642397b6b413c36f506e8570b13ca57
SHA256

46c8e30e06b1b83b18c2b3d01bc9bd5d27b371afaed668e3a324fc7c1cff92a5
SHA512

22472b612af86f57330cf0b0d1b8ced96084c80cee383cb3c7bb55f233459baf8ee37634420a0c2769279876d24ac487d2636db9e93e2b8c4ab2a247bafb2198
SSDEEP

96:xE/B8tgDmNpACaQa9FrPFNIfi8VENgL+9YSoMBuveGptQyT7NU7GUsLSzGfAlM1B:xlNptsFcfixXBkL0w1iQYC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a71692188ac0ad5a3b5d15acce87907c_JaffaCakes118

Files

a71692188ac0ad5a3b5d15acce87907c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

32a913e8a9a3ae58c0199d7df03990b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\exe\i386\SysCall.pdb

Imports

ntoskrnl.exe

DbgPrint
IoCreateDevice
KeSetEvent
KeInitializeEvent
KeInitializeSpinLock
RtlInitUnicodeString
KeClearEvent
IofCompleteRequest
KeWaitForSingleObject
KeResetEvent
strncmp
ZwQuerySystemInformation
KeServiceDescriptorTable
ZwQueryDirectoryFile
InterlockedDecrement
IoCreateSymbolicLink
InterlockedIncrement
PsGetCurrentProcessId
ZwClose
ObReferenceObjectByHandle
ZwOpenProcess
ObfDereferenceObject
KeDetachProcess
ExAllocatePoolWithTag
wcsncmp
ProbeForRead
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
_except_handler3
_strnicmp
IoDeleteDevice
RtlCompareMemory
IoDeleteSymbolicLink

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32a913e8a9a3ae58c0199d7df03990b7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 384B - Virtual size: 356B

.data Size: 256B - Virtual size: 252B

INIT Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 482B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 356B

.data
Size: 256B - Virtual size: 252B

INIT
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 482B