0ffc97a68d455bcd4d345f92f5a7e2e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ffc97a68d455bcd4d345f92f5a7e2e3_JaffaCakes118
Size

40KB
MD5

0ffc97a68d455bcd4d345f92f5a7e2e3
SHA1

e8baaefc1abd3b9c8bac3477a4782026574912d8
SHA256

68ca3dec26c85610497d83157ee40be0046e701714442317339631a2b1cb029e
SHA512

e7da0e8eb3a590b88ec6529130e040f4560f3a3870343ba7ae7f9530c862af525afe012cd3469359eba86ed29a866633622460fffe6530f03fda21bfac094b3a
SSDEEP

768:Vk7PV2uKPDQIe6oNG8DBbHTmoqQnKCTpt86yEh4yzp6Ouh5XXksuMKUI7Y5/6JbJ:mTVpoje6uBxT/xyW/p6xHkVH3YcJbXZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ffc97a68d455bcd4d345f92f5a7e2e3_JaffaCakes118

Files

0ffc97a68d455bcd4d345f92f5a7e2e3_JaffaCakes118
.sys windows:4 windows x86 arch:x86

edb54b9c0b86ec03c51ed2670dda6a5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
_wcsicmp
wcsncpy
wcslen
wcsrchr
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
_snwprintf
wcschr
IofCompleteRequest
ZwCreateKey
RtlCompareUnicodeString
ZwOpenKey
_except_handler3
ObfDereferenceObject
MmGetSystemRoutineAddress
ExFreePool
ExAllocatePoolWithTag
ZwCreateFile
swprintf
PsCreateSystemThread
_stricmp
wcsstr
_wcslwr
wcscat
wcscpy
KeTickCount
KeQueryTimeIncrement
_snprintf
strncpy
PsLookupProcessByProcessId
MmIsAddressValid
PsGetVersion
ObReferenceObjectByHandle
_wcsnicmp
ZwDeleteKey
RtlCopyUnicodeString
KeDelayExecutionThread
KeQuerySystemTime
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoDeviceObjectType
ZwSetInformationFile
IoRegisterDriverReinitialization

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 46B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edb54b9c0b86ec03c51ed2670dda6a5e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 46B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 46B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB