3a61f9ce9311b69d6e256cb1d555259e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a61f9ce9311b69d6e256cb1d555259e_JaffaCakes118
Size

88KB
MD5

3a61f9ce9311b69d6e256cb1d555259e
SHA1

656b9097bc72c066d2947a60c8ce8491960550a0
SHA256

a43ca5a0c0a6b73f22de5c16f5784606fa53147084d727b0c0cc70c13f554488
SHA512

1fde99a80e4cafe896f554d955360db2b7c9242bab4a2a717b8b76f31fc7318d843c585028f1c841765a2042b0ef9c43ba8b3240d5bfda3e3b050f7ae12819cf
SSDEEP

1536:olTID7FjmG2ck4+VfyiSAf4rIsvPQGOjtBsAkWKdYLTC:olT47FjmJck4ekXFnQpaOL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a61f9ce9311b69d6e256cb1d555259e_JaffaCakes118

Files

3a61f9ce9311b69d6e256cb1d555259e_JaffaCakes118
.sys windows:6 windows x86 arch:x86

36e34172000380299422297e2f166268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\beijing\onlinehookmmloader\objchk_wxp_x86\i386\hintroot.pdb

Imports

ntoskrnl.exe

ZwCreateFile
RtlAnsiStringToUnicodeString
memcpy
memset
_vsnprintf
strncmp
IoGetCurrentProcess
strncpy
ExFreePoolWithTag
ZwSetInformationFile
ZwQueryInformationFile
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
ExAllocatePoolWithTag
RtlLengthSid
SeExports
RtlCopyUnicodeString
FsRtlDissectName
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCompareUnicodeString
RtlInitUnicodeString
ZwReadFile
_wcsicmp
RtlQueryRegistryValues
RtlCompareString
RtlInitString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlCompareMemory
MmGetSystemRoutineAddress
wcstombs
ZwOpenSection
ZwSetSystemInformation
KeQuerySystemTime
ZwLoadDriver
IofCompleteRequest
IoDeleteDevice
ZwDeleteKey
ZwEnumerateKey
ZwOpenKey
RtlDeleteRegistryValue
MmIsAddressValid
PsTerminateSystemThread
RtlWriteRegistryValue
KeDelayExecutionThread
KeSetPriorityThread
KeGetCurrentThread
PsCreateSystemThread
ZwEnumerateValueKey
mbstowcs
wcsstr
ZwQueryValueKey
ZwSetValueKey
KeTickCount
KeBugCheckEx
ExSystemTimeToLocalTime
RtlTimeToTimeFields
sprintf
ZwWriteFile
ZwClose
KeServiceDescriptorTable
RtlFreeUnicodeString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 768B - Virtual size: 766B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.v-lizer
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36e34172000380299422297e2f166268

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 512B - Virtual size: 403B

.data Size: 2KB - Virtual size: 2KB

PAGE Size: 768B - Virtual size: 766B

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.v-lizer Size: 53KB - Virtual size: 53KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 512B - Virtual size: 403B

.data
Size: 2KB - Virtual size: 2KB

PAGE
Size: 768B - Virtual size: 766B

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.v-lizer
Size: 53KB - Virtual size: 53KB