fe318795fa98d9da38557e1cd0d0a94a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe318795fa98d9da38557e1cd0d0a94a_JaffaCakes118
Size

39KB
MD5

fe318795fa98d9da38557e1cd0d0a94a
SHA1

0c0c4e6aed20d494b5cc41dbe6293fbb402abaf4
SHA256

17b106f925e13ec0b7ea033d529e764571ba734986e13cd21e08daa273d645a5
SHA512

23a12cb2556765d0fc133d1e36f1cdc4a3b63c31939c47c0e9c0f2a45d53f9ad3545c1924721c36257004d77d38f37ce7c3af157bc4f728a19091beb2b3d4c65
SSDEEP

768:ksR5zW5ErAo1wlx3atzAkHptt/7yHQFYlzvl9P1ijYqV5PRZrEMI6ITd8:d5zW5Er/nzAstt/73YDitPvrY6IB8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe318795fa98d9da38557e1cd0d0a94a_JaffaCakes118

Files

fe318795fa98d9da38557e1cd0d0a94a_JaffaCakes118
.sys windows:4 windows x86 arch:x86

4e865ed3f90f746c4dd301146c203845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
MmIsAddressValid
ZwClose
ZwDeleteKey
swprintf
_stricmp
wcsstr
_wcslwr
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
IofCompleteRequest
strncmp
_wcsnicmp
wcslen
ObfDereferenceObject
_wcsicmp
wcsncpy
wcsrchr
wcscat
wcscpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncpy
IoGetCurrentProcess
ExFreePool
wcschr
ZwCreateKey
ZwSetInformationFile
ZwCreateFile
PsSetCreateProcessNotifyRoutine
PsLookupProcessByProcessId
_snprintf
KeTickCount
KeQueryTimeIncrement
ObReferenceObjectByHandle
RtlCopyUnicodeString
KeQuerySystemTime
KeDelayExecutionThread
PsGetVersion
RtlCompareUnicodeString
MmGetSystemRoutineAddress
PsCreateSystemThread
RtlAnsiStringToUnicodeString
IoDeviceObjectType
IoRegisterDriverReinitialization

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e865ed3f90f746c4dd301146c203845

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 85B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 85B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB