18de925ef77f563ea977fdd9b197a47b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18de925ef77f563ea977fdd9b197a47b_JaffaCakes118
Size

22KB
MD5

18de925ef77f563ea977fdd9b197a47b
SHA1

573f011ce554a3cbec52883a535d4a6b2c76efc9
SHA256

22428fcb01f54b86c35865480c752a91f9d22e7cd038554a805b4d9e39366957
SHA512

aaca75891c0da9520eaa86b6b3732878508d2b7590430054926bd89b19e23c55fc9acd1c3b99832000373cffa45b395b632fbd81f03ca845810acdfa8e3280d3
SSDEEP

384:qCHaFTQgOFBihm6u3cL3gYzJJmgnjMoMayzGtpTDSDaIEj/gyzGtL:q1POFBq5uQInGHSDa3jXGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18de925ef77f563ea977fdd9b197a47b_JaffaCakes118

Files

18de925ef77f563ea977fdd9b197a47b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ab96b40c9eb8d8223ca26fd7febfe0ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
IoCreateDevice
RtlInitUnicodeString
RtlQueryRegistryValues
IofCompleteRequest
IoReleaseRemoveLockEx
KeWaitForSingleObject
IoDeleteDevice
IoCreateSymbolicLink
IofCallDriver
IoReleaseRemoveLockAndWaitEx
IoSetDeviceInterfaceState
IoAcquireRemoveLockEx
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
KeInitializeEvent
IoRegisterDeviceInterface
MmMapIoSpace
RtlWriteRegistryValue
strncpy
MmGetPhysicalAddress
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
ZwSetInformationThread
PsCreateSystemThread
KeNumberProcessors
PsTerminateSystemThread
WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoDeleteSymbolicLink
MmFreeContiguousMemory
IoInitializeRemoveLockEx
IoDetachDevice
MmUnmapIoSpace
MmAllocateContiguousMemory
memmove

hal

HalSetBusData
KfAcquireSpinLock
READ_PORT_UCHAR
KfReleaseSpinLock
WRITE_PORT_UCHAR
HalGetBusData
HalTranslateBusAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 87B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dsgf
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 992B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 618B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab96b40c9eb8d8223ca26fd7febfe0ac

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 320B - Virtual size: 320B

.data Size: 96B - Virtual size: 76B

PAGE Size: 96B - Virtual size: 87B

INIT Size: 1KB - Virtual size: 1KB

.dsgf Size: 6KB - Virtual size: 6KB

.rsrc Size: 992B - Virtual size: 976B

.reloc Size: 640B - Virtual size: 618B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 320B - Virtual size: 320B

.data
Size: 96B - Virtual size: 76B

PAGE
Size: 96B - Virtual size: 87B

INIT
Size: 1KB - Virtual size: 1KB

.dsgf
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 992B - Virtual size: 976B

.reloc
Size: 640B - Virtual size: 618B