045b8d6a70e23437d4a0763e5531c539_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

045b8d6a70e23437d4a0763e5531c539_JaffaCakes118
Size

39KB
MD5

045b8d6a70e23437d4a0763e5531c539
SHA1

b71fcc490d0564d869d698724398b4ffef1863a0
SHA256

ab01baa196fe2e2af053b0337426b36f586bacf8b2790bc1630f0942aad2d625
SHA512

f3f85ed59209f470d7415209adf02ba9423a661bfb1265c53f041f102e3a70789bb23898af8ff4e9cf8e0354cd8c7cb5f3b35866c4f7bc40c9a0dadd4b2146f6
SSDEEP

768:mq3/+3CNFMKWC3dBdjlRQxGgub2H60Uu8Dx3QOt2AtWY1vf+46HQW62:Xv+3c3bdy0Bl3RMAhn+vI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
045b8d6a70e23437d4a0763e5531c539_JaffaCakes118

Files

045b8d6a70e23437d4a0763e5531c539_JaffaCakes118
.sys windows:4 windows x86 arch:x86

12c2593015fcb77f458969de58459cfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwClose
PsGetVersion
swprintf
ZwOpenKey
wcslen
wcscat
wcscpy
strncmp
IoGetCurrentProcess
IofCompleteRequest
MmGetSystemRoutineAddress
ZwCreateFile
wcsstr
_wcslwr
_wcsicmp
ZwQueryValueKey
_except_handler3
KeDelayExecutionThread
KeQuerySystemTime
wcsncpy
wcsrchr
PsCreateSystemThread
_wcsnicmp
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
strncpy
PsLookupProcessByProcessId
_stricmp
ZwSetValueKey
ZwSetInformationFile
ExFreePool
_snprintf
ExAllocatePoolWithTag
_snwprintf
wcschr
KeTickCount
KeQueryTimeIncrement
ZwCreateKey
RtlAnsiStringToUnicodeString
ZwDeleteKey
RtlCopyUnicodeString
IoDeviceObjectType
RtlCompareUnicodeString
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12c2593015fcb77f458969de58459cfb

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 51B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 51B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB