fb8f56d69c0065d7f8e844a4432d5770_JaffaCakes118

General

Target

fb8f56d69c0065d7f8e844a4432d5770_JaffaCakes118
Size

9KB
MD5

fb8f56d69c0065d7f8e844a4432d5770
SHA1

58fb9a056c5592b7e21ac082503bb30e08cede74
SHA256

2b9f56a693faf453089243a63947c6faa1746e4e15ad4d3ba46c36e06d71de69
SHA512

06350770fcedf5442a091400c495de72f2761d960f4e9b7e09a42159acecfedfb0a8838978631238965a66ae31106e37e4fe0e08cb7ef3caa90c1661b57a5b82
SSDEEP

192:sXgm8xjAtI1BuH976Dt2d7kZP95iaAsrPxFgqIeZMfkmLHXW7C75Jpr:sgfxTBz4dsZDwqdIP3Xnr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8f56d69c0065d7f8e844a4432d5770_JaffaCakes118

Files

fb8f56d69c0065d7f8e844a4432d5770_JaffaCakes118
.sys windows:5 windows x86 arch:x86

20480d0457c44c30687aa5dbc8cbdb1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\1SYS\i386\msdirectx.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
RtlInitUnicodeString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
ZwEnumerateKey
ZwEnumerateValueKey
ZwQuerySystemInformation
ZwQueryDirectoryFile
atoi
RtlFreeUnicodeString
RtlQueryRegistryValues
IoDeleteDevice
IoDeleteSymbolicLink
PsLookupProcessByProcessId
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryKey
KeServiceDescriptorTable
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
MmIsAddressValid
NtBuildNumber

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 886B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20480d0457c44c30687aa5dbc8cbdb1f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 384B - Virtual size: 295B

.data Size: 128B - Virtual size: 116B

INIT Size: 896B - Virtual size: 886B

.reloc Size: 768B - Virtual size: 712B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 384B - Virtual size: 295B

.data
Size: 128B - Virtual size: 116B

INIT
Size: 896B - Virtual size: 886B

.reloc
Size: 768B - Virtual size: 712B