dae3b71aab5b7e8e7f78139fd2524680_JaffaCakes118

General

Target

dae3b71aab5b7e8e7f78139fd2524680_JaffaCakes118
Size

9KB
MD5

dae3b71aab5b7e8e7f78139fd2524680
SHA1

74c658d88ec18b57e6da68c066e30ac105b8d265
SHA256

ea1ff6e1d4e4178c828987105e6ccbf5c438a3a412e2c5babb7bc7b53a277fef
SHA512

980ae538f7dcdca77c858a67007f36ab5315e21ecf018c51c84e6bb1d58603edb1124bd789e2212d9989a563ecaaa82927655af522903d707eabca25515946d0
SSDEEP

192:tPHn8CAe5Iy34BSMQ75zpZMcDmdoOXvz085yU0:tfB5I6485zhm+Obf5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dae3b71aab5b7e8e7f78139fd2524680_JaffaCakes118

Files

dae3b71aab5b7e8e7f78139fd2524680_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6882320da9bf56baeb9299e5a7942887

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
PsLookupProcessByProcessId
_except_handler3
strncpy
ExAllocatePoolWithTag
wcscmp
DbgPrint
strncmp
IoGetCurrentProcess
IofCompleteRequest
RtlFreeAnsiString
RtlCompareMemory
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
KeDetachProcess
IoCreateDevice
_stricmp
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
PsGetVersion
ExFreePool
strncat
ZwQuerySystemInformation
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwEnumerateKey
ZwCreateKey
ZwSetValueKey
IoCreateSymbolicLink
ObfDereferenceObject

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6882320da9bf56baeb9299e5a7942887

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 320B - Virtual size: 308B

.data Size: 192B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 1014B

.reloc Size: 544B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 320B - Virtual size: 308B

.data
Size: 192B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 1014B

.reloc
Size: 544B - Virtual size: 520B