f6eb5d76a41c85a8fa3d525a2569ad64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6eb5d76a41c85a8fa3d525a2569ad64_JaffaCakes118
Size

40KB
MD5

f6eb5d76a41c85a8fa3d525a2569ad64
SHA1

0a98f9a4ca662e8a04c47479399a0a4f5a00ce9f
SHA256

0653e1475c9c22471d5d822e34d909cb8079d014d9fad6ef4972ad0fb1456850
SHA512

ec437fbb0c7a871df02ade3cbfc3fb235c363e93762be64712157d840b596baf748eb5e987278bc28e7638724680885ba22a142cfed764b5761c837206d7e20d
SSDEEP

768:7U1vu7tjGHNmzMowJias9+gf549eRSOMz7oxovzZhmj988miW7L2i:oWtjGHNuMxJiay29ewOMoc1h6ylt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6eb5d76a41c85a8fa3d525a2569ad64_JaffaCakes118

Files

f6eb5d76a41c85a8fa3d525a2569ad64_JaffaCakes118
.sys windows:4 windows x86 arch:x86

b4e34b7d1717d6993d12b2ed7d305bb0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ZwSetValueKey
_wcsnicmp
wcslen
ObfDereferenceObject
IoRegisterDriverReinitialization
PsCreateSystemThread
swprintf
wcscat
wcscpy
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
ExFreePool
_snprintf
ExAllocatePoolWithTag
_except_handler3
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
MmGetSystemRoutineAddress
PsGetVersion
ZwCreateKey
IoDeviceObjectType
RtlCompareUnicodeString
KeQuerySystemTime
_stricmp
wcsstr
_wcslwr
_wcsicmp
KeTickCount
KeQueryTimeIncrement
RtlAnsiStringToUnicodeString
_snwprintf
wcschr
ZwDeleteKey
strncpy
IoGetCurrentProcess
strncmp
PsLookupProcessByProcessId
ZwCreateFile
ZwSetInformationFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeDelayExecutionThread
RtlCopyUnicodeString

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4e34b7d1717d6993d12b2ed7d305bb0

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 64B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 64B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB