043a78e346e6ebf3072d2f02368729b4_JaffaCakes118

General

Target

043a78e346e6ebf3072d2f02368729b4_JaffaCakes118
Size

120KB
MD5

043a78e346e6ebf3072d2f02368729b4
SHA1

0295e167c15afa92d2170fbce274307395c00913
SHA256

e00ae4ee4adfe121b1ffe9083d1c05f62e5d10ffcb67d47c938e9c1f54ece21e
SHA512

7c8541b75d0a81674bc894f89b38a6abb72c5b48fd6ba6323c3e9263ad20e120384baf9efa15ee9d8ed0a5aeddbce3d7523ebbe2e04d28cb3a75740b234ba354
SSDEEP

3072:4A7U5/vCfbTAH5aBofCjeljNPNJnl7qEQQ:4A7U5/+2oel9Nhl7qEQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
043a78e346e6ebf3072d2f02368729b4_JaffaCakes118

Files

043a78e346e6ebf3072d2f02368729b4_JaffaCakes118
.sys windows:5 windows x86 arch:x86

38fb2e67128e29ab8669d8c4e89b6035

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Homework\job20090122\Wis080927\objchk\i386\hcpidesk.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
MmGetSystemRoutineAddress
RtlInitUnicodeString
wcscpy
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
ZwOpenKey
PsCreateSystemThread
PsGetVersion
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
_stricmp
ZwUnmapViewOfSection
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
ZwAllocateVirtualMemory
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId
IoCreateDevice
ZwWriteFile
wcscat

Exports

Exports

?KaHtml1@@YGHXZ
?KaHtml@@YGHXZ

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 455B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38fb2e67128e29ab8669d8c4e89b6035

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 455B

.data Size: 2KB - Virtual size: 2KB

.edata Size: 128B - Virtual size: 104B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 602B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 455B

.data
Size: 2KB - Virtual size: 2KB

.edata
Size: 128B - Virtual size: 104B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 602B