42d48d5bfe9ce09426948dad2c843a54_JaffaCakes118

General

Target

42d48d5bfe9ce09426948dad2c843a54_JaffaCakes118
Size

35KB
MD5

42d48d5bfe9ce09426948dad2c843a54
SHA1

4009dff48f72d86584e9897e3150215aaea5cc8f
SHA256

e4ee7cdb380bdc31105920d9ebbfcef9648e6ede893123ff22274201fd294825
SHA512

915c5a0f4781aa6b7cd9ca4724d6b73bf8baad1b02b78751e1220ac4eaa6e5e921f30d633d4b1fa83810f9194d9db6bc576d39a2310481ccc59572cc398627e8
SSDEEP

768:JOs0WM0CJsi+kkivaaMEja8I88ImBhL5f8ZQDE9vQWrYwQhXl3XJloAH:szWM08OPGvVmbL5fsN9jrYwQhXl3XjnH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d48d5bfe9ce09426948dad2c843a54_JaffaCakes118

Files

42d48d5bfe9ce09426948dad2c843a54_JaffaCakes118
.sys windows:4 windows x86 arch:x86

59c8f20676e8131a7a88f2a0614acf9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
swprintf
wcsncpy
wcsrchr
wcsstr
_wcslwr
IofCompleteRequest
MmIsAddressValid
strncpy
IoGetCurrentProcess
ExFreePool
_snprintf
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
strncmp
ZwDeleteKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
wcscat
wcscpy
KeTickCount
_wcsicmp
ZwQueryValueKey
_except_handler3
KeDelayExecutionThread
KeQuerySystemTime
MmGetSystemRoutineAddress
ObfDereferenceObject
IoDeviceObjectType
ZwCreateFile
PsCreateSystemThread
ObReferenceObjectByHandle
ZwSetInformationFile
_stricmp
PsLookupProcessByProcessId
RtlAnsiStringToUnicodeString
_wcsnicmp
RtlCompareUnicodeString
_snwprintf
wcschr
ZwQueryKey
RtlCopyUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ObQueryNameString
KeQueryTimeIncrement

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c8f20676e8131a7a88f2a0614acf9a

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 96B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 640B - Virtual size: 616B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 96B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 640B - Virtual size: 616B

.reloc
Size: 1KB - Virtual size: 1KB