462a4a1563b7900941cfc5a4ebdeb043_JaffaCakes118

General

Target

462a4a1563b7900941cfc5a4ebdeb043_JaffaCakes118
Size

34KB
MD5

462a4a1563b7900941cfc5a4ebdeb043
SHA1

5d8b2069f5dbaf57b74d59b92334dd972fe6335f
SHA256

c0170ce94ce6f1e6e716268791048c68b9b33959e23fed3b89c4a76e9d80f727
SHA512

a46de7f1a337d54df3e416c46d71241a10461465a5be5076a5277c4e5af67211b8cfcfa86497515c2e6e0a055eaaaa1da2f11277879f3f9a11576a84f03fe330
SSDEEP

768:UlBEwLm+gDTxuzATzGFUHqDyUfz2lUcARpNJynIG5Tq8gGN6fCvtEHIkrDrrs:KxYTxuzQ0UHqDyO2l6RpbynIG1PgGN6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
462a4a1563b7900941cfc5a4ebdeb043_JaffaCakes118

Files

462a4a1563b7900941cfc5a4ebdeb043_JaffaCakes118
.sys windows:4 windows x86 arch:x86

019e6ad394ed268ad5215e304152ce63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
wcsncpy
PsGetVersion
isspace
isxdigit
isdigit
toupper
strstr
isupper
strrchr
strchr
islower
isprint
atol
tolower
atoi
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
srand
MmIsAddressValid
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
IoRegisterDriverReinitialization

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

019e6ad394ed268ad5215e304152ce63

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB