e10e8fc2322eda5669ab21fd45556549_JaffaCakes118

General

Target

e10e8fc2322eda5669ab21fd45556549_JaffaCakes118
Size

51KB
MD5

e10e8fc2322eda5669ab21fd45556549
SHA1

4efc9ce13020ec37493b39b715e21cd216f1c1da
SHA256

30cd574d80b217e793815622a002d89e210baba5ec4f86d47f65a62f4e7d55b7
SHA512

b76352bfc61dbd58316029fe811d044d9f1eb6cb011d101443391814ad78b0ccc16bd403dffb042a3d20d30b34589a8fe9f82203701759b26616d6343399dc9f
SSDEEP

768:fwCcy62b90RPQLczIboGu9O8NPVg7VdF/aAD0+6mZyJpeSca3N1f6vSlw6oy52B9:scc7Oy+R6Ky7fFw6oy52FvF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e10e8fc2322eda5669ab21fd45556549_JaffaCakes118

Files

e10e8fc2322eda5669ab21fd45556549_JaffaCakes118
.sys windows:4 windows x86 arch:x86

27b7bcf4fdfeb2b018c02159072faac5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
wcsncmp
wcslen
towlower
MmGetSystemRoutineAddress
PsCreateSystemThread
KeDelayExecutionThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
_strnicmp
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
IofCompleteRequest
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 259B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27b7bcf4fdfeb2b018c02159072faac5

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 288B - Virtual size: 259B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 288B - Virtual size: 259B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 1024B - Virtual size: 1016B