3b80eb3a702b159a165ce85f4986406f_JaffaCakes118

General

Target

3b80eb3a702b159a165ce85f4986406f_JaffaCakes118
Size

186KB
MD5

3b80eb3a702b159a165ce85f4986406f
SHA1

b9ed50a418257a544909af586c532e3625d390f8
SHA256

835e17faffb3f8505b3f55691e90a9d8c1f9d7e4f2f54b8445bf130bf5553c08
SHA512

03e26125eef0c1f297774c510324264f77ae567d0f33c5fc30689b228a0c2edbc2a0c6715ae96509f55e91d9e7534079037c2d9839bda25d47f12413c2beb72b
SSDEEP

3072:gRWmFw0pXBzTa17q1r8o++ugAPb1+zULcLCulREd94wum2dL:OlwWBzGYfeg4sGMwu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b80eb3a702b159a165ce85f4986406f_JaffaCakes118

Files

3b80eb3a702b159a165ce85f4986406f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_stricmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
PsCreateSystemThread
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
PsTerminateSystemThread
ZwAllocateVirtualMemory
ZwOpenProcess
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8570fdc7db3caf2ad840ae68bdcccd

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 384B - Virtual size: 380B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 608B - Virtual size: 606B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 384B - Virtual size: 380B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 608B - Virtual size: 606B