18159de0943ef86c9888cf77d1d2f509_JaffaCakes118

General

Target

18159de0943ef86c9888cf77d1d2f509_JaffaCakes118
Size

16KB
MD5

18159de0943ef86c9888cf77d1d2f509
SHA1

1320c283726e400e12a70022d74a191fe820d598
SHA256

9020aec903a2a35cb7053e76c6c0ca12620e7729d59dc526165669200d93beb6
SHA512

bc2a33d6c4d270e4534de57dcd3eae915138eab0388ab8811ec02ebe41d2857616a175a47b208f5bca5fe8b0984809486b531a2853073efbbaab61379be071ef
SSDEEP

384:PLNyEw8NdFTCa5MIMo8iPjyf6gUGBoPcnZeBma+2kofTBzIX9twd81rnDDl+pInb:1wV+pY93

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18159de0943ef86c9888cf77d1d2f509_JaffaCakes118

Files

18159de0943ef86c9888cf77d1d2f509_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0c86d2f8085802cf349ec80eaf5929a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePool
PsTerminateSystemThread
RtlFreeAnsiString
_stricmp
_strlwr
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
ZwQuerySystemInformation
ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
IofCompleteRequest
PsGetCurrentProcessId
_strupr
IoGetCurrentProcess
strrchr
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
ZwQueryInformationProcess
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
strncmp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c86d2f8085802cf349ec80eaf5929a6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

zdata Size: 288B - Virtual size: 260B

vdata Size: 288B - Virtual size: 260B

INIT Size: 928B - Virtual size: 912B

.reloc Size: 384B - Virtual size: 360B

.text
Size: 13KB - Virtual size: 13KB

zdata
Size: 288B - Virtual size: 260B

vdata
Size: 288B - Virtual size: 260B

INIT
Size: 928B - Virtual size: 912B

.reloc
Size: 384B - Virtual size: 360B