fa1b58f110eb6cbfe47811c500440fc1_JaffaCakes118

General

Target

fa1b58f110eb6cbfe47811c500440fc1_JaffaCakes118
Size

52KB
MD5

fa1b58f110eb6cbfe47811c500440fc1
SHA1

3413c45f2a1cac5f8ef4a07bea6470a409033aec
SHA256

294e02e484ac91ba171e83b6f5306c2ee812fc24b4d4e6a4e6be39b34442da3d
SHA512

81f1f9b80805392f44efb1c269eebb242d2ad44856e1c74dc6d89fd3d35f07a922fc1a39da51cd847c4d88f207bed5321d516a6daa7ef86cccefa2189bc83334
SSDEEP

768:5k4dycNqk2QrvzMUbiDXF+IDQEs1k3YIOIdnR23QC5ZzAWUtzput+y272:em5akA0OET1JCsZz+uH2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1b58f110eb6cbfe47811c500440fc1_JaffaCakes118

Files

fa1b58f110eb6cbfe47811c500440fc1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c1ac7c28c5da40e75721aa46b614c6c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
PsCreateSystemThread
_strnicmp
wcsstr
ZwQueryValueKey
_except_handler3
IofCompleteRequest
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
KeDelayExecutionThread
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsncmp
wcslen
towlower
strncmp
strncpy
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 246B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1ac7c28c5da40e75721aa46b614c6c8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 256B - Virtual size: 246B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 256B - Virtual size: 246B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 1024B - Virtual size: 1020B