223fe0deba092b9f6272e26017d37e8f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

223fe0deba092b9f6272e26017d37e8f_JaffaCakes118
Size

42KB
MD5

223fe0deba092b9f6272e26017d37e8f
SHA1

da874bdb35f5493e576a17b52e682d19fcdd9193
SHA256

2f65f0df035e6c13f92ba592a27d9a124f0aaf38639e7bc6da77faf94e679708
SHA512

2a1fc42bd4800b7be9eadc782fda5ed4d764c31c2524594dafe52dcbb21d9f276d7eb1daabf11fabf0effe9a52a7a88e4a8f414c2b078e13c666e5da34413ed7
SSDEEP

768:eQfN77x9bqKE3QJaSqMNlSWlJ2FyThGWKDxeWjXy5yQLO3EzJ4pOg99GJFaatHCo:1tlbs2aRbIxLzmnGfRit9EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
223fe0deba092b9f6272e26017d37e8f_JaffaCakes118

Files

223fe0deba092b9f6272e26017d37e8f_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
sprintf
ExAcquireResourceSharedLite
ExReleaseResourceLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
vsprintf
KeLeaveCriticalRegion
ZwCreateFile
RtlInitUnicodeString
IoQueryVolumeInformation
IoAttachDeviceByPointer
ExInterlockedPushEntrySList
KeQuerySystemTime
ExInterlockedPopEntrySList
ProbeForWrite
KeClearEvent
_except_handler3
IoDeleteDevice
IoDetachDevice
ExQueueWorkItem
IofCompleteRequest
strstr
MmMapLockedPages
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
InterlockedIncrement
ExAllocatePoolWithTag
ExFreePool
ZwClose
ObReferenceObjectByHandle
_strlwr

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB