06d5b03d224dfcbced306040795a6590_JaffaCakes118

General

Target

06d5b03d224dfcbced306040795a6590_JaffaCakes118
Size

22KB
MD5

06d5b03d224dfcbced306040795a6590
SHA1

142922ea03ea1178608186cd09eeb1fe8b0ecd39
SHA256

bf86cbaf6fe47d5dfe04c493341e4d4e33ff6a1c68d2cea22597a925963ea77f
SHA512

4a088cab3a42344c65c248e50f3073a97aa36bd12249a1045d9b1e6c35978fc72ec85ca6c7bc9aa0fbb4e09b3d69fc19577868dc0cb1fada0fcb819c2b2a9bb2
SSDEEP

384:Hc9v3EyuvymGliKpcYcYMy/zivqQErmLOx4/M3pORWquGU4vDxDYHjF4N09z3b7:OCG9+u7gFrK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d5b03d224dfcbced306040795a6590_JaffaCakes118

Files

06d5b03d224dfcbced306040795a6590_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d01898c9fa0741d46baef42d72661e34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
_stricmp
IofCompleteRequest
PsGetCurrentProcessId
_strupr
IoGetCurrentProcess
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ExFreePool
ExAllocatePoolWithTag
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
PsTerminateSystemThread

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vmata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zyata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vtata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d01898c9fa0741d46baef42d72661e34

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

vmata Size: 2KB - Virtual size: 2KB

zyata Size: 2KB - Virtual size: 2KB

vtata Size: 2KB - Virtual size: 2KB

INIT Size: 928B - Virtual size: 912B

.reloc Size: 384B - Virtual size: 384B

.text
Size: 14KB - Virtual size: 14KB

vmata
Size: 2KB - Virtual size: 2KB

zyata
Size: 2KB - Virtual size: 2KB

vtata
Size: 2KB - Virtual size: 2KB

INIT
Size: 928B - Virtual size: 912B

.reloc
Size: 384B - Virtual size: 384B