01e8db8d9c875bf69f4d32741ab1baee_JaffaCakes118

General

Target

01e8db8d9c875bf69f4d32741ab1baee_JaffaCakes118
Size

39KB
MD5

01e8db8d9c875bf69f4d32741ab1baee
SHA1

a5749528a3291d879ad44676068c7545f8554097
SHA256

b1017aa630be0947e4c7457a4d7f63434cc07c0e24a7c42e8f3f4a0d34f3e6d5
SHA512

5139652aef3abd0869742b839c963f9786025dff27690219739fe9a47e8e14542ffdf0c059c326aefe49b7727a6dd0f9f9e5acfa67cc1b3d27fb70fb363101be
SSDEEP

768:sot22ytt7qNfYOtuFS0K/pueabgTZNZF4FJf8zgzf9H4iBt2a4mKG6a0i0i5t6zL:ztg7qNfYBS0neawz4bf8cLJfF6ri5tzk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01e8db8d9c875bf69f4d32741ab1baee_JaffaCakes118

Files

01e8db8d9c875bf69f4d32741ab1baee_JaffaCakes118
.sys windows:4 windows x86 arch:x86

fc04ce3a0429eb8e9891d4e5cf6f9b55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
IoDeviceObjectType
wcsncpy
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
RtlInitUnicodeString
strncpy
RtlCompareUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwSetValueKey
ZwCreateKey
PsSetCreateProcessNotifyRoutine
ZwCreateFile
swprintf
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenKey
wcsrchr
PsLookupProcessByProcessId
_stricmp
_wcsnicmp
wcslen
_except_handler3
_snwprintf
ExAllocatePoolWithTag
IofCompleteRequest
wcsstr
_wcslwr
wcscat
wcscpy
wcschr
KeQuerySystemTime
PsCreateSystemThread
RtlCopyUnicodeString
strncmp
IoRegisterDriverReinitialization
KeDelayExecutionThread
_wcsicmp
ExFreePool
_snprintf
KeTickCount
KeQueryTimeIncrement
ZwSetInformationFile
ZwDeleteKey
RtlAnsiStringToUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc04ce3a0429eb8e9891d4e5cf6f9b55

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 64B - Virtual size: 50B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 64B - Virtual size: 50B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB