462ab9b04e843529648d2f857dd98d75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

462ab9b04e843529648d2f857dd98d75_JaffaCakes118
Size

24KB
MD5

462ab9b04e843529648d2f857dd98d75
SHA1

6b0623484e75bd7bbcced8a98cc5c96b59497e8c
SHA256

d6d762536a32722b73dc7091b6cc96dd44af243ddf82f9c2ad879b84436f2b14
SHA512

5872f897d84300a5ef4eb9c264c481ccbe46452d4a1c37bfef2013caf3210d01c322f363382fe2b0ee4a9fdd2f35e763a29b1d6860e089c6ca21744edfb14216
SSDEEP

384:2sEtE7v1PeZ+Fv3fMeOFgvgZxk1Of6nxRvLPChkvFXgQ:2sX7v1Pk+FvPMNWvgks6nxRTPCh4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
462ab9b04e843529648d2f857dd98d75_JaffaCakes118

Files

462ab9b04e843529648d2f857dd98d75_JaffaCakes118
.sys windows:6 windows x86 arch:x86

b27824d0e5d6e96737813ca22735fe8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\0soft\loader\runtime3\objfre_wxp_x86\i386\runtime3.pdb

Imports

ntoskrnl.exe

memcpy
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
strcmp
PsLookupProcessByProcessId
wcsncpy
memset
ZwQueryValueKey
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IofCompleteRequest
RtlAppendUnicodeStringToString
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 725B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b27824d0e5d6e96737813ca22735fe8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 318B

.data Size: 768B - Virtual size: 725B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 896B - Virtual size: 772B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 318B

.data
Size: 768B - Virtual size: 725B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 896B - Virtual size: 772B