c7d2a6516aae876c90db94d8c58ba1be_JaffaCakes118

General

Target

c7d2a6516aae876c90db94d8c58ba1be_JaffaCakes118
Size

5KB
MD5

c7d2a6516aae876c90db94d8c58ba1be
SHA1

ef6b07605631310d9fd2796d73bd481dc007d9a3
SHA256

48c1eba5418f37969cde395cb3a9ddb0b37447aff3cd730b734f6be456643ba0
SHA512

6a9f16bb9526bb04a8e04a4a175072e5562c849f2a57e49d9c9052e93f37d61f967c32c58b93ee1eaaaf0dbbbbe6e66a13378974339a5b542c83495b6264d5b8
SSDEEP

96:ZkPhFNoQonF/kdzCt62Z0zbfQ4WuULlQsD11jbrCLc:ZkPhFNoQonF/kdza62KQFuxs/2L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7d2a6516aae876c90db94d8c58ba1be_JaffaCakes118

Files

c7d2a6516aae876c90db94d8c58ba1be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3325a1a4fcabd2c615283d9ae29fc5b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

@:*;L7LC.:BLK:)&I?L628$ 5+?1+(J)EE4616$*KH*D=!F.IL-;<( 21

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xxx0
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xxx1
Size: 128B - Virtual size: 113B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3325a1a4fcabd2c615283d9ae29fc5b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 640B - Virtual size: 560B

INIT Size: 640B - Virtual size: 526B

.rsrc Size: 128B - Virtual size: 16B

.xxx0 Size: 256B - Virtual size: 214B

.xxx1 Size: 128B - Virtual size: 113B

.reloc Size: 256B - Virtual size: 180B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 640B - Virtual size: 560B

INIT
Size: 640B - Virtual size: 526B

.rsrc
Size: 128B - Virtual size: 16B

.xxx0
Size: 256B - Virtual size: 214B

.xxx1
Size: 128B - Virtual size: 113B

.reloc
Size: 256B - Virtual size: 180B