245fd380905a8ac5d834aec78623c29c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

245fd380905a8ac5d834aec78623c29c_JaffaCakes118
Size

764KB
MD5

245fd380905a8ac5d834aec78623c29c
SHA1

c00944b9c48168e9910bce52422d461db8b658e2
SHA256

b5bfb66052e9ec9ba54e7ef1044251f835fe4c9b46a7c5577462e4dd74955061
SHA512

4920cc3c5d828aede49e9766532a57d3def8c376191d70b7f049be3b49de19d172fb111036932c70676c2d029b5f91b7db5ec2677623c3f1014bc038ca9cf247
SSDEEP

12288:k0sPcHHmIpjnAWmIoY+WcMPz47cp0aPSn/kWSgH+OG+eMPJl3SA7Vta:YPIpT2Y+WcMPzOU0aPSn/kWzeGJliA7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
245fd380905a8ac5d834aec78623c29c_JaffaCakes118

Files

245fd380905a8ac5d834aec78623c29c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6e657ac6aca02edbe9b07a251ae4c466

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInsertUnicodePrefix
MmFreeContiguousMemory
RtlGetSaclSecurityDescriptor
NtWriteFile
ZwCancelTimer
ExSetTimerResolution
RtlNextUnicodePrefix
ExInterlockedPopEntrySList
RtlUnicodeStringToCountedOemString
FsRtlCheckLockForReadAccess
RtlTimeToTimeFields
IoCreateSymbolicLink
SeQueryInformationToken
SeAuditHardLinkCreation
LpcPortObjectType
NtQueryInformationFile
ZwOpenEvent
FsRtlMdlWriteCompleteDev
RtlInsertElementGenericTable
ExfInterlockedRemoveHeadList
KeBugCheck
ExfInterlockedInsertHeadList
PsRevertToSelf
MmAllocateContiguousMemory
NtSetInformationProcess
ExUnregisterCallback
KeRegisterBugCheckCallback
IoSetFileOrigin
KeSetKernelStackSwapEnable
ExInterlockedDecrementLong
IoReleaseCancelSpinLock
ZwMakeTemporaryObject
_allshl
ExAllocatePoolWithQuota
IoWMISuggestInstanceName
ExInterlockedInsertHeadList
RtlAssert
IoDeleteDevice
CcRepinBcb
RtlFindLeastSignificantBit
IoFastQueryNetworkAttributes
ObCheckCreateObjectAccess
KeInsertDeviceQueue
RtlFindClearRuns
NtDeleteAtom
MmSetBankedSection
RtlSubtreeSuccessor
RtlTraceDatabaseFind
IoBuildDeviceIoControlRequest
IoCreateDevice
KeEnterKernelDebugger
PoSetSystemState
KeInitializeMutant
CcMdlWriteComplete
IoQueueThreadIrp
RtlCharToInteger
RtlNtStatusToDosErrorNoTeb
IoMakeAssociatedIrp
WRITE_REGISTER_BUFFER_UCHAR
IoFileObjectType
IoGetDmaAdapter
FsRtlGetNextLargeMcbEntry
ExGetPreviousMode
IoAcquireVpbSpinLock
RtlAddAccessAllowedAce
IoGetRequestorProcess

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e657ac6aca02edbe9b07a251ae4c466

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 512B - Virtual size: 512B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 512B - Virtual size: 512B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB