f0bce7f220669f3bfe4e6eacefd69d6e_JaffaCakes118

General

Target

f0bce7f220669f3bfe4e6eacefd69d6e_JaffaCakes118
Size

39KB
MD5

f0bce7f220669f3bfe4e6eacefd69d6e
SHA1

06e70637c91150daf0133634efecf898e6d61d69
SHA256

7985c3cbf903e59782546ecabb6c121eed85e686fda6e3fdcfe24100d147705d
SHA512

49233439d0c15ac01c18e81880ccb24c1b0a69911bd79e6dd58cca9be33e8fce2d4ba0171acca33cd43f1a219f96dba87f37c25967c0e2fe421a419085753801
SSDEEP

768:iK8UHWOoROXUhQqn58VzW8C4M/7E5+dbPl6yzvSmngTttTBHj8HFWiZSNGbSG2:iK8xYkhQq58VzW8Ce5+dbP1SmgZth8lu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0bce7f220669f3bfe4e6eacefd69d6e_JaffaCakes118

Files

f0bce7f220669f3bfe4e6eacefd69d6e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

94e68a69ea82d30459ccf76c3fb2f953

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
swprintf
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoRegisterDriverReinitialization
KeTickCount
KeQueryTimeIncrement
_stricmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
_wcsnicmp
wcslen
_snwprintf
ExAllocatePoolWithTag
MmIsAddressValid
ZwQueryValueKey
ExFreePool
_snprintf
PsGetVersion
ObfDereferenceObject
ObReferenceObjectByHandle
wcsncpy
wcsrchr
RtlCopyUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr
_wcslwr
IofCompleteRequest
ZwSetValueKey
wcschr
_wcsicmp
IoDeviceObjectType
PsCreateSystemThread
wcscat
wcscpy
RtlCompareUnicodeString
IoGetCurrentProcess
ZwSetInformationFile
ZwCreateFile
strncpy
ZwDeleteKey
KeQuerySystemTime
ZwCreateKey
KeDelayExecutionThread
strncmp
RtlAnsiStringToUnicodeString
_except_handler3
PsLookupProcessByProcessId

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 57B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e68a69ea82d30459ccf76c3fb2f953

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 57B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 57B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB