e13c8333460ffa4d166cf32d8eb48989_JaffaCakes118

General

Target

e13c8333460ffa4d166cf32d8eb48989_JaffaCakes118
Size

33KB
MD5

e13c8333460ffa4d166cf32d8eb48989
SHA1

8676519d0e793cbe363dcbe38d5805d498597710
SHA256

069ff7cd00da258e67c580eb13f052e42987bd9ce697e6283ba8aae9a762739b
SHA512

01e857c5c925f9d4bb257c871edff44a70b0a5bb591870bd4476cc402d9cc1a9e6f7ee3467509800ef16eb8760f5de748d5d1b484e78a2bff4174846b5ee645a
SSDEEP

768:UEDD3voy+OT0cMR7R9mcxbT48Ro8oGd1hC0TvMvPDQqXtZvYWLge+1hfwME:x3voy+OT9khbTnRXbThHvuLQqXtZvl7M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e13c8333460ffa4d166cf32d8eb48989_JaffaCakes118

Files

e13c8333460ffa4d166cf32d8eb48989_JaffaCakes118
.sys windows:4 windows x86 arch:x86

723abebd7b157efffe042c3f49a00f20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
RtlInitUnicodeString
srand
strchr
strstr
strrchr
toupper
isspace
isprint
islower
atoi
isdigit
atol
tolower
isupper
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
ZwCreateFile
IoRegisterDriverReinitialization
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
isxdigit
_wcslwr
wcsncpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

723abebd7b157efffe042c3f49a00f20

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB