d0f27c48abf53d58e6b79927d4948994_JaffaCakes118

General

Target

d0f27c48abf53d58e6b79927d4948994_JaffaCakes118
Size

35KB
MD5

d0f27c48abf53d58e6b79927d4948994
SHA1

4c5a3515306176a8082f6355d18ccf50a4363601
SHA256

2d53116a76e239911aed610f9a795295d48e932d84efaa2165ed7d6cd76cb6b9
SHA512

b1a8df147bb73cf7282051aef3a0cc790b74e8080d99c24d993a6e04472c255cd9190b914c4e48180b72ab011b4d9146d4ed232716e9cac3ba5e81b759fa689d
SSDEEP

768:LA4RCdN4Z54I2bWcPVhy88R6B39fnuTDTt3qEh6y/bPNvTITxs3B4tFM0lMTb9uP:LKs5b2iczy8i49fngDT1h68bPJTITSKg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0f27c48abf53d58e6b79927d4948994_JaffaCakes118

Files

d0f27c48abf53d58e6b79927d4948994_JaffaCakes118
.sys windows:4 windows x86 arch:x86

adc0ca3c88f3960a58d3e9ba1410d27f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

srand
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
isdigit
islower
strchr
atol
isspace
strrchr
isprint
atoi
strstr
isupper
toupper
tolower
isxdigit
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
_strnicmp
wcsncmp
wcslen
towlower
wcsstr
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
IoRegisterDriverReinitialization
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
strncpy

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adc0ca3c88f3960a58d3e9ba1410d27f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB