096459e05925e37344e2454e86da6ba6_JaffaCakes118

General

Target

096459e05925e37344e2454e86da6ba6_JaffaCakes118
Size

30KB
MD5

096459e05925e37344e2454e86da6ba6
SHA1

2b491f0b7ba5b7ce8ca45121307fd93ff04cc646
SHA256

09ae768b42f99523681a7ee1e34af5585344a3d0ecddd93cad4e3523db13c22d
SHA512

27566939f0e20f6bb2c0e327c12d8bcb77534c32dd72242a5bed18da869cbd6758e21cb9fa949317f7fbcf363766fa74484219e145b6eaa447d0ea90a58288b4
SSDEEP

768:gou3IWky8g4bhiO1vG8VCgEE3xkGobMT:g9Y/g4bhxcgduG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
096459e05925e37344e2454e86da6ba6_JaffaCakes118

Files

096459e05925e37344e2454e86da6ba6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9f0726a1438d256a4bf7272ab484a397

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExIsResourceAcquiredSharedLite
ExIsResourceAcquiredExclusiveLite
ExGetSharedWaiterCount
ExAllocatePool
ExGetExclusiveWaiterCount
ExDeleteResourceLite
ObGetObjectSecurity
VerSetConditionMask
ZwQuerySymbolicLinkObject
ZwMapViewOfSection
RtlIntegerToUnicodeString
wcsncpy
ZwCreateDirectoryObject
ZwPowerInformation
RtlUnicodeStringToAnsiString
ZwDeleteValueKey
RtlInitString
wcsncat
RtlCompareString
ZwSetInformationFile
wcsstr
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ZwDeleteFile
IoAllocateIrp
ZwOpenProcess
RtlCopyUnicodeString
RtlUnicodeStringToInteger
wcsncmp
ZwQueryInformationFile
ZwOpenSection
ObReferenceObjectByPointer
RtlSplay
memset

Exports

Exports

_Delete_ObjectFile@4
_Insert_ObjectEx@8

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f0726a1438d256a4bf7272ab484a397

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 472B

.data Size: 512B - Virtual size: 128B

const Size: 512B - Virtual size: 512B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 472B

.data
Size: 512B - Virtual size: 128B

const
Size: 512B - Virtual size: 512B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 300B