a7d86cce867247eba237f066f0aa085a_JaffaCakes118

General

Target

a7d86cce867247eba237f066f0aa085a_JaffaCakes118
Size

10KB
MD5

a7d86cce867247eba237f066f0aa085a
SHA1

79eeff73da1559f288ea3e225adfa77e24015fab
SHA256

a5f0a722e03a9131b70b5a45c1fc1139ba6170d84a4ee30920e9cc2dbeb2c7b9
SHA512

0ad66fc39090fc1f3a29f3e23d8b836997e7156a0054a4d7aa5cd0bf96eede21724dc9b45230c4cdafc819bbebf331492c8937a58b5c70da65a1d86ef21b919f
SSDEEP

192:KanJvpEsCFi703r3AjdUeJ4F7EdLx64QdDdNbiXOodinZ:/n3an7pSG7EdVdmDefwnZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7d86cce867247eba237f066f0aa085a_JaffaCakes118

Files

a7d86cce867247eba237f066f0aa085a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

cb472ceb22ce4823e8e3c52cf0042aa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lkdfdsakjqwwer.pdb

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
wcscpy
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
wcslen
wcsncmp

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb472ceb22ce4823e8e3c52cf0042aa0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 908B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 640B - Virtual size: 556B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 908B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 640B - Virtual size: 556B