d4aabb293aba8da15a7fb1bdd0d712fa_JaffaCakes118

General

Target

d4aabb293aba8da15a7fb1bdd0d712fa_JaffaCakes118
Size

44KB
MD5

d4aabb293aba8da15a7fb1bdd0d712fa
SHA1

361e95a0a5d0612c26a638e388d4ad6f8d34902b
SHA256

aa2f85a6f99af60e01c122566d2b85c5fad8fee0e2f5323c1929fa7a678776e5
SHA512

b5ab3d13a5bcc468a48b1cb05f90fc4715a58473c5b1dfff156df4b6a15a486d5e6511c09d481dfce33422c0385c00bca28e8236ffc402dfaa74545a5ddd073c
SSDEEP

768:ah/6wm8PZbpqqhWl/CV4F0QvTWgjdwYXMhu0kx/Azt0:WS0pqEWW4FdvTddfsu0n0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4aabb293aba8da15a7fb1bdd0d712fa_JaffaCakes118

Files

d4aabb293aba8da15a7fb1bdd0d712fa_JaffaCakes118
.sys windows:4 windows x86 arch:x86

940f59baeabf41d4bdc5b978c41ff886

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
memset
ObfDereferenceObject
ExAllocatePoolWithTag
ZwClose
ExFreePoolWithTag
PsLookupProcessByProcessId
KeDelayExecutionThread
memcpy
ExQueueWorkItem
ZwCreateKey
KeInitializeMutex
KeLeaveCriticalRegion
PsGetProcessImageFileName
_wcsnicmp
RtlInitUnicodeString
IoDeleteDevice
wcsncpy
RtlAppendUnicodeToString
ZwSetValueKey
PsSetCreateProcessNotifyRoutine
wcslen
ZwOpenDirectoryObject
KeEnterCriticalRegion
KeReleaseMutex
KeQuerySystemTime
ObQueryNameString
IoDriverObjectType
ZwQueryValueKey
ExAcquireResourceSharedLite
strcmp
ExReleaseResourceLite
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
IofCompleteRequest
PsGetThreadProcess
KeWaitForSingleObject
ZwQueryDirectoryObject
RtlCompareUnicodeString
CmRegisterCallback
IoCreateSymbolicLink
RtlCopyUnicodeString
MmIsAddressValid
ObReferenceObjectByName
IoCreateDevice
ExInitializeResourceLite
wcsncmp
ZwEnumerateKey
IoRegisterFsRegistrationChange
ZwOpenKey

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

940f59baeabf41d4bdc5b978c41ff886

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 800B - Virtual size: 784B

.data Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 800B - Virtual size: 784B

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB