a94336c8f2458c5cae0b32259ba0f634_JaffaCakes118

General

Target

a94336c8f2458c5cae0b32259ba0f634_JaffaCakes118
Size

13KB
MD5

a94336c8f2458c5cae0b32259ba0f634
SHA1

3a9b4f69d716b25ab357beee61d63babc629e8be
SHA256

9aab2b350de52d8240f3cf8b50e2f1882639c5b07dcf4e972bd0f4d42f9c6077
SHA512

69ece0fe04292c0ad47182bb3d8b4025c5bb9d62e999caa1bd35da9884099b4c29d6a9e095b3e686048cff54dd8f564ab02f05c9bdaf1710987425ac499e8230
SSDEEP

192:kSaNvGv+gFQ1ruADjD3ot5A9BiSwNDWWcG+D:0Q+gFQ1ruADjy5oTWcG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a94336c8f2458c5cae0b32259ba0f634_JaffaCakes118

Files

a94336c8f2458c5cae0b32259ba0f634_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c727f335720b334d5691fb42380798c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PcShare\VipPcShare\PcHide\objfre\i386\PcHide.pdb

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExAllocatePoolWithTag
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
wcslen
wcscat
strchr
wcsncmp
ZwEnumerateKey
ExFreePoolWithTag
wcscmp
RtlCompareMemory
RtlUpperString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObfDereferenceObject
_strupr
ObReferenceObjectByHandle

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c727f335720b334d5691fb42380798c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 1002B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 640B - Virtual size: 598B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 1002B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 640B - Virtual size: 598B