ffb71d66f7eb4e324eb940dc10c046a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffb71d66f7eb4e324eb940dc10c046a8_JaffaCakes118
Size

39KB
MD5

ffb71d66f7eb4e324eb940dc10c046a8
SHA1

5e27a0f2eddf8c02172e3f35b3e4aa8f28d3b525
SHA256

0b834c444b6be835c46ec86fb3c3f8f16369eb2c672bfc825b85af2652d79d23
SHA512

26eae4ceac97a61fc379deb9decb182ea9cd9f9f4fd3bd25b1075339b12ac55a4d0994071caecc3101e06fcebbeba518a5923e6993d417f2e4cdf7ed88944d72
SSDEEP

768:7nqny0HMp+ZGtR4GJEin1r5hAFj0dRdsDi30/cmtuFgi8r6qgNKOq:uny0E7r4Gi05CczsD00/hcgdWqgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffb71d66f7eb4e324eb940dc10c046a8_JaffaCakes118

Files

ffb71d66f7eb4e324eb940dc10c046a8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c3d40297fdd5bd3dde9d58e3adf7e011

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwQueryValueKey
RtlInitUnicodeString
_wcsnicmp
wcslen
ObfDereferenceObject
ZwOpenKey
swprintf
wcscat
wcscpy
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
ZwSetValueKey
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
RtlCompareUnicodeString
ZwSetInformationFile
ZwCreateFile
PsSetCreateProcessNotifyRoutine
_wcsicmp
ZwDeleteKey
KeQuerySystemTime
IoDeviceObjectType
KeTickCount
KeQueryTimeIncrement
_stricmp
_snwprintf
wcschr
ExAllocatePoolWithTag
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
KeDelayExecutionThread
RtlCopyUnicodeString
ExFreePool
MmGetSystemRoutineAddress
ZwCreateKey
IoGetCurrentProcess
PsGetVersion
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_except_handler3
wcsstr
_wcslwr
_snprintf
IofCompleteRequest

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3d40297fdd5bd3dde9d58e3adf7e011

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 45B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 45B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB