d3771796831766edad5e85b4af123363_JaffaCakes118

General

Target

d3771796831766edad5e85b4af123363_JaffaCakes118
Size

20KB
MD5

d3771796831766edad5e85b4af123363
SHA1

8daa5ae1ba4b1abee61e9987bec481ecca962bbb
SHA256

2f02f373913b96456cf780dfeddb3d7bff370cb6790e27e411bb24a72e210d1e
SHA512

e911cc0f75acf47df2f30c8f94ac10494836a311fef03b717761e09a0edbc4075de36f433b6082713883ca07d43cc862e490ec863e5d2e99ba2c0b8d4ba9eebf
SSDEEP

384:l7Ea/oCpKVAkkNQoz0QY0qGjiU9yV+cEfYUbg2FRsynMv5/r30hVaZstH:lAa/oCE8NQo0969E+cEs685/70DwstH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3771796831766edad5e85b4af123363_JaffaCakes118

Files

d3771796831766edad5e85b4af123363_JaffaCakes118
.sys windows:4 windows x86 arch:x86

fe1f4d4b73c3eaeceff0f4659acb60cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_strnicmp
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
islower
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwCreateFile
IoRegisterDriverReinitialization
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
isprint
strstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
srand
strrchr
atol
atoi
PsGetVersion
strchr
IofCompleteRequest
isspace
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
tolower
wcsstr
isupper
strncmp
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsncmp
towlower
isdigit

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 992B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe1f4d4b73c3eaeceff0f4659acb60cc

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 992B - Virtual size: 978B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 992B - Virtual size: 978B