e0884d33775c55ad2745f0585c7f1b0f_JaffaCakes118

General

Target

e0884d33775c55ad2745f0585c7f1b0f_JaffaCakes118
Size

29KB
MD5

e0884d33775c55ad2745f0585c7f1b0f
SHA1

b6bb003d52ede9bec827df111cfe3452f26770b1
SHA256

742fada4fe585204928e7cd883d7a32d7c5582bcc81c866f076b3067e1df7206
SHA512

3e1782229a1336c9f12a092235c230df5651dcc22bdd20a18eb04d0dfa3a367164c2a3dca106ed050f2797a757a17d47ded3d5269ee2a87d9c81613e1877db4e
SSDEEP

384:k+nfN1ST2A5UpgzlSc2KUmCQTeegbtSPk1toY/dv5dN:JaAgJSTfmqegSOtndR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0884d33775c55ad2745f0585c7f1b0f_JaffaCakes118

Files

e0884d33775c55ad2745f0585c7f1b0f_JaffaCakes118
.sys windows:6 windows x86 arch:x86

cc39e7f19a17fcb1d117f4d78d46ca46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\0047.bho\bho\bho_full_tbws\clever\objfre_wxp_x86\i386\VIDEO.pdb

Imports

ntoskrnl.exe

_strlwr
ObReferenceObjectByHandle
IoGetCurrentProcess
memset
PsLookupProcessByProcessId
wcsncpy
_wcsicmp
memcpy
IoFreeMdl
MmUnmapLockedPages
ZwQueryDirectoryFile
ZwOpenProcess
ZwTerminateProcess
PsGetVersion
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
ExFreePoolWithTag
ObQueryNameString
ExAllocatePool
KeDelayExecutionThread
ZwClose
ZwWriteFile
ZwCreateFile
_stricmp
ExAllocatePoolWithTag
ZwReadFile
ProbeForRead
ZwQuerySystemInformation
ZwCreateKey
swprintf
RtlWriteRegistryValue
RtlCreateRegistryKey
ZwDeleteKey
ZwOpenKey
ZwDeleteValueKey
wcsstr
ZwEnumerateValueKey
ZwQueryKey
_wcslwr
ZwEnumerateKey
PsTerminateSystemThread
CmRegisterCallback
CmUnRegisterCallback
KeQuerySystemTime
PsCreateSystemThread
KeTickCount
KeBugCheckEx
RtlInitUnicodeString
ObfDereferenceObject
RtlUnwind

hal

KeGetCurrentIrql

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc39e7f19a17fcb1d117f4d78d46ca46

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

PAGE Size: 16KB - Virtual size: 16KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

PAGE
Size: 16KB - Virtual size: 16KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB