02fee508d1a90799e4c724df2848819e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02fee508d1a90799e4c724df2848819e_JaffaCakes118
Size

151KB
MD5

02fee508d1a90799e4c724df2848819e
SHA1

0c92a8d743522d47d8f08d4b23a7f4186de5cb41
SHA256

a1bd4bdef7409cd11442a41bafbfca27afec999f81224e8ce419d718c4c2918d
SHA512

530dd1dd896b88c2853b2cd63b4f2dcca7be50a6319f1df5f46899bbfdf07d6c9dcf43ffa6350481a5af093e3e42fb8033480d8b9f3c4df2caab7002380fac4a
SSDEEP

3072:74XCCt/oSVS7P3Xf3QwiVszW+M9aH3WvPJASQ0IwINf5H:7MX/ogS7Pf3RW+y9S2PdIN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02fee508d1a90799e4c724df2848819e_JaffaCakes118

Files

02fee508d1a90799e4c724df2848819e_JaffaCakes118
.sys windows:5 windows x86 arch:x86

15fa831bb2f6d9f8984b7427b36a20bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
KeInitializeSpinLock
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
PsCreateSystemThread
IoDeleteDevice
strncmp
strstr
KeQuerySystemTime
strncpy
MmIsAddressValid
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoAllocateMdl
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
tolower
ExAllocatePool
ExFreePool
isupper
ZwQuerySystemInformation
ZwClose
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
MmMapLockedPages
RtlCompareUnicodeString
wcstombs
ZwEnumerateKey
_wcsicmp
ZwOpenKey
swprintf
ZwQueryValueKey
isdigit
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwDeleteValueKey
ZwSetValueKey
ObQueryNameString
ObfDereferenceObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
PsTerminateSystemThread
KeTickCount
ZwDeleteKey
ZwCreateKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
RtlTimeToTimeFields
isspace
strchr
toupper
RtlUnicodeStringToAnsiString
sprintf
RtlImageDirectoryEntryToData
IoCreateDevice
_except_handler3
memcpy
memset

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15fa831bb2f6d9f8984b7427b36a20bc

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 22KB - Virtual size: 22KB

.CRT Size: 512B - Virtual size: 4B

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 22KB - Virtual size: 22KB

.CRT
Size: 512B - Virtual size: 4B

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB