0ceb8971a84bf54be7c47b557438525e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0ceb8971a84bf54be7c47b557438525e_JaffaCakes118
Size

745KB
MD5

0ceb8971a84bf54be7c47b557438525e
SHA1

13a4e02b8b0dc4a3df519e78ca80243e279f2d31
SHA256

f8b5efa0898087f129df6ae5b6432cf9f97ef541469cdbb89cf9b44004be7a96
SHA512

2fd7b1c9f26dc83ef88e0c9b704a58bb722b513dafde46fef879c41a967528de8e314b83760f25dacd599bbca729ff6e610d3e7b5a3b82c143a1afff208f4f97
SSDEEP

12288:JfEY/vmrT5R24dmG4PCt5ERlY2AEs0EH9PAbwO7EBxvNvJWkUsw8ue9ExJXrtVlv:JMkmL9+K5EQ5EsZEMvRWkUsw8/ExdOIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ceb8971a84bf54be7c47b557438525e_JaffaCakes118

Files

0ceb8971a84bf54be7c47b557438525e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1f5e9c552ac60ce5ea5f5f5d999fc535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
RtlInitUnicodeString
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
PoStartNextPowerIrp
RtlFreeUnicodeString
IoAllocateIrp
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeCancelTimer
ExFreePool
IoAllocateMdl
KeInitializeTimer
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
MmGetSystemRoutineAddress
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
PsTerminateSystemThread
DbgPrint
RtlInitAnsiString
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoInitializeRemoveLockEx
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoConnectInterrupt
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
ZwQuerySystemInformation

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f5e9c552ac60ce5ea5f5f5d999fc535

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 280B

.data Size: 13KB - Virtual size: 12KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 280B

.data
Size: 13KB - Virtual size: 12KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB