0a512db8983ee9f0dfd69deda1129a6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a512db8983ee9f0dfd69deda1129a6a_JaffaCakes118
Size

42KB
MD5

0a512db8983ee9f0dfd69deda1129a6a
SHA1

04f1c2c7791dd0e517870077d9d3311dd2ff7167
SHA256

2ef25edabeee3cf9a869dfe9f2436dc8e170edf44b783cc9e4fe98046583af8e
SHA512

37459d6286d3b0a38606d193689f5dd233f211067292a1c300ae0bb80e72df7124110aad6e9b27633ebaf508f1ae1772fe2546c1466805d005ec62928aef4afd
SSDEEP

768:eQfN77x9bqKE3QJaSqMNlSWlJ2FyThGWKDxeWjXy5yQLO3EzJ4pOg9wGJFaatHCo:1tlbs2aRbIxLzmGGfRit9EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a512db8983ee9f0dfd69deda1129a6a_JaffaCakes118

Files

0a512db8983ee9f0dfd69deda1129a6a_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
sprintf
ExAcquireResourceSharedLite
ExReleaseResourceLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
vsprintf
KeLeaveCriticalRegion
ZwCreateFile
RtlInitUnicodeString
IoQueryVolumeInformation
IoAttachDeviceByPointer
ExInterlockedPushEntrySList
KeQuerySystemTime
ExInterlockedPopEntrySList
ProbeForWrite
KeClearEvent
_except_handler3
IoDeleteDevice
IoDetachDevice
ExQueueWorkItem
IofCompleteRequest
strstr
MmMapLockedPages
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
InterlockedIncrement
ExAllocatePoolWithTag
ExFreePool
ZwClose
ObReferenceObjectByHandle
_strlwr

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB