c1d5619bbd917265fef2f2583ecc92e8_JaffaCakes118

General

Target

c1d5619bbd917265fef2f2583ecc92e8_JaffaCakes118
Size

34KB
MD5

c1d5619bbd917265fef2f2583ecc92e8
SHA1

0fee85e1b16a685e7c8c9464efa8a151daf3b898
SHA256

a0415af2c006bc7abcc98e8cac6f6316b3d5060326aefb61c3f715d3ec5ad6cc
SHA512

190e347b5177817a2aa7b9d525d596e7a113ec9ca4fccd5e5e189c7ecbcb129f2bbdda0641504dcf3e348d3fa68ab73bac0f7ec3691399d9ad2a4c8882605c9b
SSDEEP

768:LplDzKcOVlbZ1IbNa+KyAv3nWySPy1YDgZ9qZTAvQqBo5fcAnvcA/J6Z3hXreydH:LXKj3dSbY+KJv3nWySWYDi9kECfcA5Jr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1d5619bbd917265fef2f2583ecc92e8_JaffaCakes118

Files

c1d5619bbd917265fef2f2583ecc92e8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

22f6a2864f1de9d82adada7266a90d57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
isdigit
strrchr
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
strstr
tolower
atol
atoi
strchr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
isprint
islower
srand
isspace
isupper
toupper
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
ZwQueryValueKey
wcsncmp
wcslen
towlower
isxdigit
_strnicmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
strncpy
IofCompleteRequest
wcsstr

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22f6a2864f1de9d82adada7266a90d57

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB