ba0105bb356009adbc066e566e19fc9e_JaffaCakes118

General

Target

ba0105bb356009adbc066e566e19fc9e_JaffaCakes118
Size

38KB
MD5

ba0105bb356009adbc066e566e19fc9e
SHA1

c2b898a10444ac0804bf875e770af14c3364abfe
SHA256

94c15ef428966485b95181069f593131fc5b31ed2bd940a580e70214c06150c3
SHA512

23b2d661b97874ccb255f9a732b1631a60cbb56bb9cae8db7933be5769497dce1aec0e45a41320e8b635c7af73c0cbbea8466e5f1248ccbbd7bcce4842514910
SSDEEP

768:Qxct1hfzoNt24g1ZSFt/JIz5FNj1klKfOueSsUqJ:Qxf45mlYqJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba0105bb356009adbc066e566e19fc9e_JaffaCakes118

Files

ba0105bb356009adbc066e566e19fc9e_JaffaCakes118
.sys windows:5 windows x86 arch:x86

cf96e5641762c59a16ee202d27968fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
DbgPrint
ObReferenceObjectByHandle
ObOpenObjectByName
RtlInitUnicodeString
ExRaiseStatus
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCopyUnicodeString
ZwQueryInformationProcess
wcslen
RtlCompareUnicodeString
KeReleaseMutex
KeWaitForSingleObject
IoDeleteDevice
RtlImageDirectoryEntryToData
KeDetachProcess
wcscat
KeAttachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwOpenProcess
wcscpy
ZwQueryInformationThread
ZwQuerySystemInformation
ZwClose
memmove
wcscmp
wcsncpy
_local_unwind2
KeServiceDescriptorTable
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
IofCompleteRequest
SeImpersonateClientEx
RtlImageNtHeader
KeInitializeMutex
IoCreateSymbolicLink
IoCreateDevice
swprintf
SeCreateClientSecurity
KeGetCurrentThread
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
KeTickCount
KeBugCheckEx
_except_handler3
wcsncmp

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf96e5641762c59a16ee202d27968fa4

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 560B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 560B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB