d1eb6a15bd09ddf68838395c20e83ee8_JaffaCakes118

General

Target

d1eb6a15bd09ddf68838395c20e83ee8_JaffaCakes118
Size

19KB
MD5

d1eb6a15bd09ddf68838395c20e83ee8
SHA1

bb8302e6011be92061861742d2618bcd324c245d
SHA256

20467f68337b825e109d22532b9afba73b7df7a1567058bd338ad685a5913fc1
SHA512

043bb9269aad14a07d860aed7f7bd4b78f1a001c3dccbbb794d63fae093f7eeb96356f3921deaa0a2fab4f1347407777d11d8873dc099637862ef0ce77edfa77
SSDEEP

384:LitvzLA8xfPjl40d6DIEYPehwxIN4DI3/R03nfjxQh7dKWHwR5F:Lk/A+fPjl40Y0EkehwGNUI3/K3nL+JEv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1eb6a15bd09ddf68838395c20e83ee8_JaffaCakes118

Files

d1eb6a15bd09ddf68838395c20e83ee8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

123a421ebb5088f233d6df0f46e6c3bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
tolower
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
isprint
strrchr
isxdigit
PsCreateSystemThread
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
isdigit
_strnicmp
wcsncmp
wcslen
towlower
atoi
isspace
toupper
islower
isupper
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
atol
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
strchr
strstr
srand
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoRegisterDriverReinitialization
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
strncpy
IofCompleteRequest

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 992B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

123a421ebb5088f233d6df0f46e6c3bd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 992B - Virtual size: 980B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 992B - Virtual size: 980B