086b28766d29bb29ec1c820fa2ffa714_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

086b28766d29bb29ec1c820fa2ffa714_JaffaCakes118
Size

175KB
MD5

086b28766d29bb29ec1c820fa2ffa714
SHA1

9c4441c65f3b1216798ac4aededcb48c8b208457
SHA256

b83e2d7659726be6f6cf3423eacfd4eedba4d2d430f8449d6ca90a1ca8b8c084
SHA512

add9fb70e55bb548b97b84a915799b81a8d62f66dd87ba43538a00a953528dcfba479ac79459b30f2927f84c17ddf45a5fc5420569f4d1c6bc88460148ee085b
SSDEEP

3072:zR4OJvDmNlaFvgKRf3EjULyf80EO6MAC7xn7XZ4EHh:zR44KgFvgKOQmf80EO6arHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
086b28766d29bb29ec1c820fa2ffa714_JaffaCakes118

Files

086b28766d29bb29ec1c820fa2ffa714_JaffaCakes118
.sys windows:5 windows x86 arch:x86

07f408d0147181564b976b5bebdf7948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\reactor3\client\Release\client.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeInitializeSpinLock
RtlFreeAnsiString
RtlFreeUnicodeString
IoDeleteDevice
PsCreateSystemThread
sprintf
KeSetEvent
RtlUnicodeStringToAnsiString
ZwClose
IoCreateDevice
strncmp
strstr
KeQuerySystemTime
strncpy
MmIsAddressValid
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoRegisterFsRegistrationChange
IoAllocateMdl
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
tolower
ExAllocatePool
RtlAnsiStringToUnicodeString
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwQueryValueKey
isdigit
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
RtlInitUnicodeString
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlTimeToTimeFields
strchr
KeInitializeEvent
PsTerminateSystemThread
KeTickCount
ZwDeleteKey
ZwFlushKey
KeReleaseSemaphore
KeReadStateSemaphore
KeInitializeSemaphore
isspace
toupper
ObReferenceObjectByHandle
IofCompleteRequest
ExFreePool
memcpy
memset
_except_handler3
_allrem

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07f408d0147181564b976b5bebdf7948

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 24KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 24KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB