c13a29c8dd80057ab0265a65e3652583_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c13a29c8dd80057ab0265a65e3652583_JaffaCakes118
Size

40KB
MD5

c13a29c8dd80057ab0265a65e3652583
SHA1

4ef3cf1efda2d89289c5235c1b5db0185886645e
SHA256

2ec2c3859ba01d8e5fb756908961d071650de216e176d5a073be7b59524c1086
SHA512

0766a8c11e54a1ac9042d7cd5c56fa1b796f4a1ea9a0bf0c2adcde1f645612bd9c61238ad874805ca463a83f14e411dec9c2f89beec2c6f49e4dd82395e86064
SSDEEP

768:eAG5klh4dirG4PxeiiYib8jL50sjV5v7RkAFPtVEF93vQrCkQ678gq9:JYkT4gGEMfbEL50sjV5vdF1VEF93eVJE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c13a29c8dd80057ab0265a65e3652583_JaffaCakes118

Files

c13a29c8dd80057ab0265a65e3652583_JaffaCakes118
.sys windows:4 windows x86 arch:x86

213f15390bae89e1f9a55f672655dc8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlInitUnicodeString
ObfDereferenceObject
_snwprintf
wcsncpy
wcschr
_wcsicmp
wcsrchr
ZwClose
ZwQueryValueKey
ExFreePool
ExAllocatePoolWithTag
RtlCompareUnicodeString
ZwDeleteKey
swprintf
_stricmp
wcsstr
_wcslwr
strncpy
IoGetCurrentProcess
RtlCopyUnicodeString
ObReferenceObjectByHandle
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetValueKey
ZwOpenKey
KeQuerySystemTime
strncmp
MmIsAddressValid
KeTickCount
KeQueryTimeIncrement
PsCreateSystemThread
ZwCreateKey
KeDelayExecutionThread
PsGetVersion
ZwSetInformationFile
ZwCreateFile
wcscpy
_except_handler3
IoRegisterDriverReinitialization
IoDeviceObjectType
MmGetSystemRoutineAddress
_snprintf
wcscat
RtlAnsiStringToUnicodeString

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 55B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

213f15390bae89e1f9a55f672655dc8d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 64B - Virtual size: 55B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 64B - Virtual size: 55B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB