ac53a653afe463c8a7af2d49d07e582c_JaffaCakes118

General

Target

ac53a653afe463c8a7af2d49d07e582c_JaffaCakes118
Size

28KB
MD5

ac53a653afe463c8a7af2d49d07e582c
SHA1

03a12268736f2fe8d189798fd0744f4bc375f7f2
SHA256

476e9daeec90066a1f1004849d88a8e8d702113c352f2a0ff1012d06893a36ce
SHA512

a100bea1eb8ff58e7e055bd85e5312f15e5df9f635b8416e90393bb80e4ddfe88559f402810153390255324840d41a99dec07eade84c0e72e439ec1c4439d3fe
SSDEEP

768:056nTiGVzdrkeUg95RDpqSLR0AdZmK9e9k3L:A6lJdrkVgZ0eL4kb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac53a653afe463c8a7af2d49d07e582c_JaffaCakes118

Files

ac53a653afe463c8a7af2d49d07e582c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fe6a7677c4978706bfab494d22516f34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
wcsncat
ZwSetVolumeInformationFile
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
_wcsupr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
RtlCreateRegistryKey
MmUnmapViewInSessionSpace

Exports

Exports

__RtlAppendUnicodeToString@4
__ZwMakeTemporaryObject@8
__ZwQueryVolumeInformationFile@4

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe6a7677c4978706bfab494d22516f34

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 448B

.data Size: 512B - Virtual size: 132B

const Size: 1024B - Virtual size: 1024B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 448B

.data
Size: 512B - Virtual size: 132B

const
Size: 1024B - Virtual size: 1024B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 320B