b3c1cf93f16b1e29a3d6c3631cf0a258_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3c1cf93f16b1e29a3d6c3631cf0a258_JaffaCakes118
Size

40KB
MD5

b3c1cf93f16b1e29a3d6c3631cf0a258
SHA1

9bbaba7d3e8f7e827d4a184bc3d8cf3dbd5afc4f
SHA256

346ef8b53d68266e9875a70b0b39448743106286d4cb81acb60bdb73d9e6cfee
SHA512

4bbdb9236aead422f498b2f8f0a572964e48958c66da1cbd184ae1ed6d31e08258a892f22e1ed7497545e9bab31c7b43390a9b0ee2f79f3cf8e85d8907f255c6
SSDEEP

768:zoldrm6h0j97LXx+Vr6LClP+Z9RHyeDGkV7934mfJ1h/O6X1:zOH+j1XW62ZA9RHyeCOomh1NX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3c1cf93f16b1e29a3d6c3631cf0a258_JaffaCakes118

Files

b3c1cf93f16b1e29a3d6c3631cf0a258_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7f0096e4ad5665953e0a213c9b7e7d4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareUnicodeString
RtlInitUnicodeString
MmIsAddressValid
ZwClose
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
swprintf
ZwSetValueKey
ZwCreateKey
strncmp
IoGetCurrentProcess
wcsncpy
PsGetVersion
ZwQueryValueKey
ZwDeleteKey
ObReferenceObjectByHandle
ZwOpenKey
_except_handler3
KeQuerySystemTime
wcscat
_snwprintf
wcschr
ExAllocatePoolWithTag
wcsstr
_wcslwr
ObfDereferenceObject
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
_wcsnicmp
PsCreateSystemThread
KeTickCount
KeQueryTimeIncrement
_stricmp
IoRegisterDriverReinitialization
_wcsicmp
wcsrchr
PsSetCreateProcessNotifyRoutine
strncpy
PsLookupProcessByProcessId
IoDeviceObjectType
KeDelayExecutionThread
MmGetSystemRoutineAddress
ExFreePool
_snprintf
RtlCopyUnicodeString
IofCompleteRequest

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 75B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f0096e4ad5665953e0a213c9b7e7d4c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 75B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 75B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB