25c8aabf400a6419eef4969f83862f18_JaffaCakes118

General

Target

25c8aabf400a6419eef4969f83862f18_JaffaCakes118
Size

765KB
MD5

25c8aabf400a6419eef4969f83862f18
SHA1

3dedd0cd5c23d1c4c8cf03fc36ad2abe44a67e83
SHA256

a851b7394a40dc240b9c9ea8126758d4ee423f6e1d3086f733a6cfce087c8736
SHA512

2342326229a5e03c1e5272a13ada8a1966876fc630ef8bf83daa590718fbda438f0ccf84d322d52723ca2b5e348b1831dc2b102ca598b3d76db2616c7ce73d42
SSDEEP

12288:cAV9c+CVx/9ML6OvQbJ3g3Wcnkh6EcxpeF4KrgsTmBddmvOXOW6w4z74w:wpwL4bF+WYkH4YgZHwuVi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25c8aabf400a6419eef4969f83862f18_JaffaCakes118

Files

25c8aabf400a6419eef4969f83862f18_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f8eb2c437bc72ac619f7eda0d7440b51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoDeleteDevice
RtlMoveMemory
KeInitializeEvent
MmMapViewInSystemSpace
wcsncat
ZwCreateSection
MmGetPhysicalMemoryRanges
IoGetRequestorProcessId
SePrivilegeCheck
wcschr
RtlAllocateHeap
DbgPrintReturnControlC
RtlSetBits
ExAllocatePoolWithTagPriority
_except_handler3
_allshl
_wcsnset
CcMapData
ZwMakeTemporaryObject
RtlOemStringToUnicodeString
ZwOpenEvent
IoPageRead
KeRestoreFloatingPointState
CcCopyWrite
RtlFillMemory
IoSetFileOrigin
ZwDeleteFile
FsRtlNotifyInitializeSync
IoConnectInterrupt
LsaRegisterLogonProcess
InterlockedDecrement
DbgPrompt
ZwSetInformationFile
KdEnteredDebugger
IoCreateSymbolicLink
InbvCheckDisplayOwnership
KeSetAffinityThread
RtlDecompressChunks
IoRegisterLastChanceShutdownNotification
IoCreateDevice
KeLoaderBlock
NlsLeadByteInfo
ExInterlockedDecrementLong
IoWMISuggestInstanceName
NtMapViewOfSection
PsReferenceImpersonationToken
ObfDereferenceObject
ExSystemExceptionFilter
RtlUpcaseUnicodeString
KeI386GetLid

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eb2c437bc72ac619f7eda0d7440b51

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 11KB - Virtual size: 25KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 11KB - Virtual size: 25KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB