0e50c0ef84379bf1f73ec8deca6f86b2_JaffaCakes118

General

Target

0e50c0ef84379bf1f73ec8deca6f86b2_JaffaCakes118
Size

743KB
MD5

0e50c0ef84379bf1f73ec8deca6f86b2
SHA1

22840b037b2f05710199a9fa098cc61cc3da05ea
SHA256

47d9bbbb56e6e3f0189f4d87da802804f38ba5c215c3b105a914dee18ff58ae1
SHA512

be964ee6ac7c8d8c20a1461fc21d1f435249f6fd94cd7425b485098de93cc8adea3bb55af30c96a0bceb40d4fc5e5592452438e58d17ff3b16396b6966c348e5
SSDEEP

12288:n59eUgRJ4zI5uffzpdAy8xreyZsHzo8Q+ZvPX8oOF5+5dQfXdKBk5IxhEJGgJN+3:70Et8NeyZnKHJPOPdKBk5Ix6JrVId

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e50c0ef84379bf1f73ec8deca6f86b2_JaffaCakes118

Files

0e50c0ef84379bf1f73ec8deca6f86b2_JaffaCakes118
.sys windows:4 windows x86 arch:x86

61c6ae6bb5d90538cff4e53e9cb6d772

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ExFreePoolWithTag
RtlCompareMemory
ZwQueryValueKey
ObfDereferenceObject
IoDetachDevice
MmMapLockedPagesSpecifyCache
ZwOpenKey
KeSetTimer
IoSetDeviceInterfaceState
KeReleaseSpinLockFromDpcLevel
IoAcquireRemoveLockEx
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
KeQueryTimeIncrement
KeReleaseMutex
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
ExDeleteNPagedLookasideList
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
IoGetDmaAdapter
ExAllocatePoolWithTag
IoCreateDevice
_snprintf

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61c6ae6bb5d90538cff4e53e9cb6d772

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 512B - Virtual size: 176B

.data Size: 13KB - Virtual size: 13KB

INIT Size: 1024B - Virtual size: 872B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 414KB - Virtual size: 413KB

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 512B - Virtual size: 176B

.data
Size: 13KB - Virtual size: 13KB

INIT
Size: 1024B - Virtual size: 872B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 414KB - Virtual size: 413KB