dc0bcd08d3947699e6edeea0f56bc663_JaffaCakes118

General

Target

dc0bcd08d3947699e6edeea0f56bc663_JaffaCakes118
Size

18KB
MD5

dc0bcd08d3947699e6edeea0f56bc663
SHA1

bfe318e4b0ae0f151f1c2d2cd1a43c5675e3aeb5
SHA256

e7257a454a1045dd17e7d4b01eefc8f3d78296a6900a996a42f0e148570a1517
SHA512

83a2102399739f05f9d2f233869b1475ec541ea9e150f48659876b9b2f91fc215ec87bec5f2e7eb46e91afa131ea30caedd0b87ab1a7ecf1c8e4a464ef3801d8
SSDEEP

384:n0cho/DAa/wtUPVdN07SsiIbeWhLqDSMSDbnL5qtQGbOVTd5jMh3:n0chcA7aNmSsiIbhLq+BHL5qtQGbOJdI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc0bcd08d3947699e6edeea0f56bc663_JaffaCakes118

Files

dc0bcd08d3947699e6edeea0f56bc663_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a0c266f34036dd0fe0320bce20f0d943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
IofCompleteRequest
IoGetCurrentProcess
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strchr
isupper
strncmp
PsGetVersion
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
ZwQueryValueKey
atoi
_except_handler3
strrchr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
isspace
strstr
IoRegisterDriverReinitialization
_strnicmp
ZwDeleteValueKey
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
islower
isprint
wcsncmp
towlower
tolower
toupper
atol

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0c266f34036dd0fe0320bce20f0d943

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 6KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 6KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B