17e6edd3621e44d450a95755707ec612_JaffaCakes118

General

Target

17e6edd3621e44d450a95755707ec612_JaffaCakes118
Size

7KB
MD5

17e6edd3621e44d450a95755707ec612
SHA1

370cf66c1bd3d08479a051a8a7d4facf40bfac6f
SHA256

db9682e67118c6eafb4fa9e8bc309e3eee3c6f72a0e7afbb30e2d95094ac963b
SHA512

f3b2364065f3b2b18dc018ba5d123689479398db9fcffefee7e9a8f70c373689c80eb77603705f4512a5029ede8e7ad3f552e8dd77aca9d7fd5b626227914bc2
SSDEEP

192:9knSprWCNfjQLs3LfVtlrKRpQFFPufxYSqQ:9knSpqoZLfDApQFFPufxYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e6edd3621e44d450a95755707ec612_JaffaCakes118

Files

17e6edd3621e44d450a95755707ec612_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0364d1cea11914b6872c4e74dd215fea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareMemory
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwClose
ZwQueryDirectoryFile
InterlockedExchange
KeServiceDescriptorTable
ZwQuerySystemInformation
PsCreateSystemThread
KeSetEvent
KeInitializeSpinLock
KeInitializeEvent
ExAllocatePoolWithTag
ExFreePool
ObfDereferenceObject
MmIsAddressValid
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
RtlInitUnicodeString
IoFreeIrp
strncpy
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
strncat
ObQueryNameString
strstr
wcscpy
strchr
memmove
_strnicmp
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeviceIoControlFile
IoGetCurrentProcess
KeClearEvent
strncmp

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0364d1cea11914b6872c4e74dd215fea

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 288B - Virtual size: 260B

.data Size: 64B - Virtual size: 56B

INIT Size: 1024B - Virtual size: 1014B

.reloc Size: 768B - Virtual size: 758B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 288B - Virtual size: 260B

.data
Size: 64B - Virtual size: 56B

INIT
Size: 1024B - Virtual size: 1014B

.reloc
Size: 768B - Virtual size: 758B