de7fb27407b76f3e6529265a81df90d6_JaffaCakes118

General

Target

de7fb27407b76f3e6529265a81df90d6_JaffaCakes118
Size

55KB
MD5

de7fb27407b76f3e6529265a81df90d6
SHA1

ee7cfe4e7e63d7ef981b6810d1ff7004cd9566ca
SHA256

575db3f68940411e02278375b52d64bde169c971f0e7baa6ffd59348f11c6bc3
SHA512

5d2d12ade82cd6a5ae3c8186a1a46e547dd59b153e1333c89971902f327c4fc7d8ce58140f189f85b7c74ceb22b1da8330bb3ec562fe1cb9d0e356984fd50011
SSDEEP

1536:gcp0LDwg972gjjRBC9ypeNKZAYSipycHoIABfEH1k3rcJZL9Hgud7AiFKh2P:g/PSMwOaiMPI+Ieh2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de7fb27407b76f3e6529265a81df90d6_JaffaCakes118

Files

de7fb27407b76f3e6529265a81df90d6_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1d875add1b5b9654458998435690c00c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwQueryValueKey
ZwOpenKey
_except_handler3
MmGetSystemRoutineAddress
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcscat
wcscpy
PsCreateSystemThread
RtlCopyUnicodeString
KeDelayExecutionThread
ZwSetValueKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ZwDeleteValueKey
wcsstr
_strnicmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
wcsncmp
towlower

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 224B - Virtual size: 197B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d875add1b5b9654458998435690c00c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 224B - Virtual size: 197B

INIT Size: 992B - Virtual size: 982B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 224B - Virtual size: 197B

INIT
Size: 992B - Virtual size: 982B

.reloc
Size: 1KB - Virtual size: 1KB