d17db8cc55034e6929f896f166c96c20_JaffaCakes118

General

Target

d17db8cc55034e6929f896f166c96c20_JaffaCakes118
Size

18KB
MD5

d17db8cc55034e6929f896f166c96c20
SHA1

7be7fabf86ad01ddcac8b1a44de9007781cc1d4d
SHA256

19202aec78c8959ef53c8c04a002c9312c52cd89d67f9df662e25c609e13e884
SHA512

cfc635cd6686d119c66a7609aa1d4b61a6500939fd51b7e3bb3bd824266ac6cee6c19d3a9cbdbe9d030d6926813a01c3f904e336e0534897ae55e8194c822d40
SSDEEP

192:/vfjssk/DgD82ON9bL4Nd/SxCfTVJd7/FV2Cleuznp6Qb3c8ogDnp2sswe01:XfArgD+N9QfSxw39W+euwQ48hN2z0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17db8cc55034e6929f896f166c96c20_JaffaCakes118

Files

d17db8cc55034e6929f896f166c96c20_JaffaCakes118
.sys windows:5 windows x86 arch:x86

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
wcscpy
wcscmp
wcslen
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
IofCompleteRequest
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
swprintf
strchr
wcsncmp
RtlAssert

Sections

�м�
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

�м�
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�м�
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�м�
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�м�
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

�м� Size: 11KB - Virtual size: 11KB

�м� Size: 3KB - Virtual size: 3KB

�м� Size: 1024B - Virtual size: 968B

�м� Size: 128B - Virtual size: 16B

�м� Size: 896B - Virtual size: 820B

�м�
Size: 11KB - Virtual size: 11KB

�м�
Size: 3KB - Virtual size: 3KB

�м�
Size: 1024B - Virtual size: 968B

�м�
Size: 128B - Virtual size: 16B

�м�
Size: 896B - Virtual size: 820B