f06bc532fe2c57dc203a62fd503cd9f5_JaffaCakes118

General

Target

f06bc532fe2c57dc203a62fd503cd9f5_JaffaCakes118
Size

168KB
MD5

f06bc532fe2c57dc203a62fd503cd9f5
SHA1

c7bc82a59b369f0c2f7db29386dc902605561549
SHA256

b86351327945c73d5d09bcc2e353287025d75ace98ea8ab64007be375b55d8f2
SHA512

e6cabaa7b5cabed308aeaff248cb92f6b9d68eacb000e1c9b587d0fcab33927e95068428b6d4c8ffd3b26193d15775cccdd3cdccb98a55a195b8ef54a414fb3e
SSDEEP

3072:zoLth4pbw0ezTI9Lh8myoa4NiNOPn1Z/43a9P:zoGVezOV8myENiNW1p43YP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f06bc532fe2c57dc203a62fd503cd9f5_JaffaCakes118

Files

f06bc532fe2c57dc203a62fd503cd9f5_JaffaCakes118
.sys windows:5 windows x86 arch:x86

be3074d617e5d4b859bc519e18c9015e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
_stricmp
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
PsTerminateSystemThread
ZwAllocateVirtualMemory
ZwOpenProcess

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be3074d617e5d4b859bc519e18c9015e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 352B - Virtual size: 348B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 544B - Virtual size: 540B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 352B - Virtual size: 348B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 544B - Virtual size: 540B