27e2c94f5ddc27db5f7f2b77ee150d23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27e2c94f5ddc27db5f7f2b77ee150d23_JaffaCakes118
Size

40KB
MD5

27e2c94f5ddc27db5f7f2b77ee150d23
SHA1

4d7cb85c381a31446ec67cce3d47e2ca9ed9ad2d
SHA256

a6e59658c1e875489368db20b79d1157b8a657572c7a1c3792723e672b29dbb5
SHA512

90f6ef5423569e88c475d29f69f58c8619a3bf1493cf52a7634fcda4fb7e5ec6e2fea4825e90e0f8d8007bb5bd6e5dcd08616fcbdd83d83d2b8b10c93e0020cc
SSDEEP

768:bdn539DbYo02fUvRP0N3b2WzmgfvAExo7UVvk0EqjBSsj5k5s+/+TQsRNehQOOyp:BF9PcvRP+blmgwErVeqjBSsdk5n2CQSE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e2c94f5ddc27db5f7f2b77ee150d23_JaffaCakes118

Files

27e2c94f5ddc27db5f7f2b77ee150d23_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e7b4eb4f5190cf07c457923691c66ada

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
swprintf
wcsstr
_wcslwr
MmIsAddressValid
IoDeviceObjectType
ZwSetValueKey
wcslen
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ZwOpenKey
_except_handler3
strncmp
IoGetCurrentProcess
ZwSetInformationFile
ZwCreateFile
wcscpy
RtlCompareUnicodeString
wcscat
_wcsicmp
ObReferenceObjectByHandle
_snwprintf
wcsncpy
wcschr
wcsrchr
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
_wcsnicmp
_snprintf
ZwDeleteKey
KeDelayExecutionThread
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
strncpy
PsGetVersion
RtlAnsiStringToUnicodeString
ZwCreateKey
IofCompleteRequest
PsLookupProcessByProcessId
PsCreateSystemThread

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 64B - Virtual size: 55B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7b4eb4f5190cf07c457923691c66ada

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 3B

PAGE Size: 64B - Virtual size: 55B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 3B

PAGE
Size: 64B - Virtual size: 55B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB