0e5db6d29d5bf8eefde216f3ed55cbae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e5db6d29d5bf8eefde216f3ed55cbae_JaffaCakes118
Size

40KB
MD5

0e5db6d29d5bf8eefde216f3ed55cbae
SHA1

65563bd997bb13c7b14ef84cbcc829c20cd3e7d6
SHA256

7e6b8e5605e2a4353523fef3269df197b26223f46a67eefcb9efe61d3e529d6a
SHA512

4e07e5198c5c3606b5cb6edd611f087db674104ff5c19d3d70ca60faa2a52e2167ebc1038b3d50d85280957f0bea21459557036a46741b5e44bea3c70855c0d5
SSDEEP

768:GrEjvZPBB6LoM7jzoPESyYGBE9VgtGCYBP4Vij9TM2Pd7QYb5l1U3tYbtrt2tLtu:FYcivoP1gE9V1kwj1jhQYbZU942y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e5db6d29d5bf8eefde216f3ed55cbae_JaffaCakes118

Files

0e5db6d29d5bf8eefde216f3ed55cbae_JaffaCakes118
.sys windows:4 windows x86 arch:x86

00003658d0730fdf9a40e374b4de429d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
IoRegisterDriverReinitialization
ZwClose
ZwSetValueKey
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateKey
ZwDeleteKey
KeDelayExecutionThread
KeQuerySystemTime
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
wcslen
swprintf
wcscat
wcscpy
ZwSetInformationFile
ZwCreateFile
strncmp
_snwprintf
wcschr
_wcsnicmp
_stricmp
wcsstr
_wcslwr
IofCompleteRequest
wcsrchr
IoDeviceObjectType
strncpy
ExFreePool
ExAllocatePoolWithTag
_wcsicmp
ObReferenceObjectByHandle
PsCreateSystemThread
RtlCopyUnicodeString
RtlCompareUnicodeString
MmGetSystemRoutineAddress
KeTickCount
KeQueryTimeIncrement
PsLookupProcessByProcessId
RtlAnsiStringToUnicodeString
_snprintf
PsSetCreateProcessNotifyRoutine

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00003658d0730fdf9a40e374b4de429d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 67B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 67B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB