b90721467d7cdfcbc6401e7bccafc882_JaffaCakes118

General

Target

b90721467d7cdfcbc6401e7bccafc882_JaffaCakes118
Size

31KB
MD5

b90721467d7cdfcbc6401e7bccafc882
SHA1

dcc598c0669c17d635248198f60ce3dd17ebff2d
SHA256

c1d96c10f9310a762ffd463f6ec74ca2e6fb59fcdbb1491fa550a1e6a264ad22
SHA512

97ee31df995bbd9862b7c7094a40e22e6798638793f9abbf0685831b2b2f7c7733430fbebe947cea54ed1973390888711265f08fc3c56b5ea1eafcd2e534fcea
SSDEEP

768:ClNc3IH+mU/wohScthbVwPgWd8gueQ6GUN:Cl+YHtzohScDVWQ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b90721467d7cdfcbc6401e7bccafc882_JaffaCakes118

Files

b90721467d7cdfcbc6401e7bccafc882_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3d7894af9c84912f6870fbb217719fd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUnregisterCallback
ExFreePoolWithTag
ExVerifySuite
ExNotifyCallback
ExInitializeRundownProtection
ExAllocatePool
ExRegisterCallback
RtlDelete
strncat
ObGetObjectSecurity
ExUuidCreate
strncmp
VerSetConditionMask
ZwQuerySymbolicLinkObject
_wcsnicmp
wcsncpy
ZwPowerInformation
RtlUnicodeStringToAnsiString
ZwDeleteValueKey
RtlInitString
RtlCompareString
ZwSetInformationFile
ZwMakeTemporaryObject
wcsstr
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ZwDeleteFile
RtlCopyUnicodeString
RtlUnicodeStringToInteger
wcsncmp
ZwQueryInformationFile
ZwOpenSection
ObReferenceObjectByPointer
RtlSplay
IoAllocateMdl
ZwOpenKey
memset

Exports

Exports

_Delete_TempSysFile@4
_Insert_TmpSysFile@8

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d7894af9c84912f6870fbb217719fd0

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 456B

.data Size: 512B - Virtual size: 128B

const Size: 512B - Virtual size: 512B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 456B

.data
Size: 512B - Virtual size: 128B

const
Size: 512B - Virtual size: 512B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 312B