aba4b0eae3a9483eb065ca2ca16c5a83_JaffaCakes118

General

Target

aba4b0eae3a9483eb065ca2ca16c5a83_JaffaCakes118
Size

209KB
MD5

aba4b0eae3a9483eb065ca2ca16c5a83
SHA1

686de071b4764091f19994b7fc8ca1d3730628af
SHA256

424df21d1b75ce2515f2a0aaf5c3eaf104357b737b4968abfc50331abab3af40
SHA512

3ec7011f46c2c83ca66087ef35cc3af3b39e22d9d0e5feceafdd48f4d4b32bd09f0eed088c569a56369f7c1685d01799cc6f58cde2161571c0b7478b8624994b
SSDEEP

3072:hQsj+Yelf3XmNzO2EGdz4/27D8Xx156+jLvLngWhbmlwAtIaFlB9HrXj7x:usjDzmizaioXx156Vlbtv1Hzx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aba4b0eae3a9483eb065ca2ca16c5a83_JaffaCakes118

Files

aba4b0eae3a9483eb065ca2ca16c5a83_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
PsCreateSystemThread
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
PsTerminateSystemThread
ZwAllocateVirtualMemory
ZwOpenProcess
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 384B - Virtual size: 380B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 616B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 384B - Virtual size: 380B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 616B