370a33e3c18e67ea0a5ccf3b261ba296_JaffaCakes118

General

Target

370a33e3c18e67ea0a5ccf3b261ba296_JaffaCakes118
Size

35KB
MD5

370a33e3c18e67ea0a5ccf3b261ba296
SHA1

444f3c84b81097121df8f2c1afe4885c39b40344
SHA256

ed50c5feccfb40d7f993ed4a53532e2b899c0f28467c38e4d6be5f5400e0da91
SHA512

a95badf91f4e3e4a0ffa40da388ae4299e7a5f361a860d3d5262a855d54735463a2fdd099b238358c7c2b2d03d3d6e41f7aac3736e7566f092e3aba9afcce14c
SSDEEP

768:0I104q+HVuIBzWj/Atmw+6iK5vlfRPvlXcdbTFCTDbDpQfpIDP51Swpw+:0p4q+HVftWj27ZRPvlXgoR+i1Swp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370a33e3c18e67ea0a5ccf3b261ba296_JaffaCakes118

Files

370a33e3c18e67ea0a5ccf3b261ba296_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f972a7f22ead84296d8d08d840fdb4f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
wcslen
wcscpy
_snwprintf
ExAllocatePoolWithTag
RtlCompareUnicodeString
_wcsnicmp
strncmp
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
KeDelayExecutionThread
ZwCreateKey
strncpy
IoGetCurrentProcess
ZwQueryKey
_wcsicmp
IoRegisterDriverReinitialization
wcsncpy
wcsrchr
ExFreePool
_snprintf
ZwDeleteKey
wcschr
ObfDereferenceObject
MmIsAddressValid
PsCreateSystemThread
RtlCopyUnicodeString
wcscat
ObQueryNameString
_stricmp
PsLookupProcessByProcessId
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 64B - Virtual size: 61B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f972a7f22ead84296d8d08d840fdb4f8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 64B - Virtual size: 61B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 64B - Virtual size: 61B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB