c7786cb9f141d51ed3ba6fc106f4d58c_JaffaCakes118

General

Target

c7786cb9f141d51ed3ba6fc106f4d58c_JaffaCakes118
Size

51KB
MD5

c7786cb9f141d51ed3ba6fc106f4d58c
SHA1

4dc7b6f7bff1e88a61b681248a4cceb13bd17e6b
SHA256

eb69bed9850b8c61cd66ab917cc8442a45f512b96537cef6882c30ac473c8315
SHA512

4a7dd8ddc04b7f92e213f9878e7fb0d2b41ebeea1e80b7db8e7f6f4dd87ce4383c0bb7e2d633db8736d8070c3c2b8310acf2e861018305e4ba60e2f7bed76136
SSDEEP

768:e0w8EB/H22brXA/NVMblyz6tMw2Bj7CCGeNMzqnSyOK/6KaAaVnt4zekJsCrCHXk:H7OBiVnGniV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7786cb9f141d51ed3ba6fc106f4d58c_JaffaCakes118

Files

c7786cb9f141d51ed3ba6fc106f4d58c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

359a699cf6b9130d07ef6ca7918f7d2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ZwCreateFile
IoRegisterDriverReinitialization
IofCompleteRequest
IoGetCurrentProcess
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcscpy
ZwEnumerateKey
wcscat
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
MmGetSystemRoutineAddress
wcsstr
RtlCopyUnicodeString
ZwSetValueKey
strncmp
PsGetVersion
strncpy
wcsncmp
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
_strnicmp

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

359a699cf6b9130d07ef6ca7918f7d2d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 256B - Virtual size: 228B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 256B - Virtual size: 228B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB