2b264ddf30be1cf2983b954b534042cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b264ddf30be1cf2983b954b534042cb_JaffaCakes118
Size

748KB
MD5

2b264ddf30be1cf2983b954b534042cb
SHA1

c736510ab718f526e1e96ef55d02c4d25b6f7cc6
SHA256

64dda018b84dfef43e7d1382fa0a0ce792b99b4187b6ad19c9eaaadef1bb3699
SHA512

3600b77ab132cbbac2af8da4dc085b37dd435532fc6d0e56a721cd14b11cc3cb333881f8f0231a060606aba397debf6563a71959f7b4670f48582bcfe727393c
SSDEEP

12288:l5QWi1MsDOD/TYcUKpiRbZz0nJw3v+OHJpFOlL3X9pBbMa/:jQWGDoTYcPpfOv+SHFM33l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b264ddf30be1cf2983b954b534042cb_JaffaCakes118

Files

2b264ddf30be1cf2983b954b534042cb_JaffaCakes118
.sys windows:4 windows x86 arch:x86

668d3c2374001f39c59009e5bfb7c408

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
ZwClose
IofCompleteRequest
ExFreePoolWithTag
IoDeleteDevice
ZwQueryValueKey
IoFreeIrp
ObfDereferenceObject
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
MmMapLockedPagesSpecifyCache
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoFreeMdl
ExFreePool
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
PoSetPowerState
IoRegisterDeviceInterface
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
IoReleaseCancelSpinLock
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer
ZwQuerySystemInformation

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

668d3c2374001f39c59009e5bfb7c408

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 320B

.data Size: 15KB - Virtual size: 15KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 320B

.data
Size: 15KB - Virtual size: 15KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB