07164e18c32977a00f2ffc1286d9cb9f_JaffaCakes118

General

Target

07164e18c32977a00f2ffc1286d9cb9f_JaffaCakes118
Size

159KB
MD5

07164e18c32977a00f2ffc1286d9cb9f
SHA1

473eb73d2185d8e3539c1ed2d7a30156b17d7426
SHA256

4b2cca3016ed4462529f1823dbd4d0846d82a2babb663de6a57e16a8d818df51
SHA512

559dadaff87cccdfca0e5a7ffde8f2693c55e85f80724771061b4f14880d71143c180d76ae663fe18150f23a2b200cf71e9fb41aeebbe0da6bc60fb178998314
SSDEEP

3072:ypumCVdKQH7gsOv1tP10OpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:IrCVQHvdA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07164e18c32977a00f2ffc1286d9cb9f_JaffaCakes118

Files

07164e18c32977a00f2ffc1286d9cb9f_JaffaCakes118
.sys windows:4 windows x86 arch:x86

cd199d9f572ae7ee349d36b2d64ad593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeRestoreFloatingPointState
_alldiv
_allmul
_allshr
_allshl
READ_REGISTER_USHORT
KeInitializeMutex
KeWaitForSingleObject
KeReleaseMutex
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
KeQuerySystemTime
KeSaveFloatingPointState
KeInitializeSpinLock
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
ExFreePool
InterlockedDecrement
InterlockedIncrement
RtlRaiseException

hal

KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcNewPort
PcRegisterSubdevice
PcInitializeAdapterDriver
PcAddAdapterDevice

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.PAGE
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd199d9f572ae7ee349d36b2d64ad593

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

portcls.sys

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 18KB

INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 214B

.PAGE Size: 256B - Virtual size: 256B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 214B

.PAGE
Size: 256B - Virtual size: 256B