14ca3715b4b81fec239143e682866c95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14ca3715b4b81fec239143e682866c95_JaffaCakes118
Size

747KB
MD5

14ca3715b4b81fec239143e682866c95
SHA1

ab7ec8461f647f0f6e95f4c64fa190f464de2359
SHA256

10322e21b8916d9dc6b8a0f0388d7036632d33b86e6a471f889c9c37fd4e3b69
SHA512

2bbdd0a12dc85ba5aeaf3274c252126f205af1121e0d024b09622a567ea3ea3dbeadfa858213dc90ace6a5e690fe7911212f4c7021edf2f58f56fecc81e6b5ee
SSDEEP

12288:upUmcniXZW6pWkNLahi/NVxAVe1T8UoryJBWiRb6CYFZD3rb24mZN+Z9Yckvu53N:uplcnipWSZLxlV6Y1oUBWY2Cq7mv+Z9l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14ca3715b4b81fec239143e682866c95_JaffaCakes118

Files

14ca3715b4b81fec239143e682866c95_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9a7e0464fdd6f9340b926fd886962ceb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
RtlInitUnicodeString
KeWaitForSingleObject
KeSetEvent
IofCallDriver
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
ObfDereferenceObject
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoAllocateIrp
KeInitializeDpc
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoAllocateMdl
IoFreeWorkItem
IoWMIRegistrationControl
KeClearEvent
IoSetDeviceInterfaceState
PoSetPowerState
ZwSetValueKey
MmGetSystemRoutineAddress
PoRequestPowerIrp
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
RtlInitAnsiString
MmUnmapIoSpace
_vsnwprintf
IoInitializeRemoveLockEx
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
KeInitializeMutex
IoCreateSymbolicLink
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoDisconnectInterrupt
ZwQuerySystemInformation
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a7e0464fdd6f9340b926fd886962ceb

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 276B

.data Size: 15KB - Virtual size: 15KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 276B

.data
Size: 15KB - Virtual size: 15KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB