3060e5113f1cc7dbc97ba8a670afd894_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3060e5113f1cc7dbc97ba8a670afd894_JaffaCakes118
Size

150KB
MD5

3060e5113f1cc7dbc97ba8a670afd894
SHA1

a187744852be341dc448a19f9b97c12d52c3e65f
SHA256

0118cae3841b7c7343140062b973e833160e7b6062e987533da41ebf5b60c88b
SHA512

2c6caa633a60f4bf9a12bedb4e548458ef15ad032fdb2b80d29463b1cbe2e7a185af042005842e072d298472eea00c213748ba62a6fbcf7339fa0855f4ca09fc
SSDEEP

3072:MyWhWyqni0XA6dUIv6UmtD+nuWo18V1YDxntqU+Jpd4:l9yqi0XA6Lv6UmJ+nuWy8Rhrd4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3060e5113f1cc7dbc97ba8a670afd894_JaffaCakes118

Files

3060e5113f1cc7dbc97ba8a670afd894_JaffaCakes118
.sys windows:6 windows x86 arch:x86

13f067e76fe5aed4311fd2c380713cf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pci.pdb

Imports

ntoskrnl.exe

RtlFindRange
KeLeaveCriticalRegion
KeSetEvent
KeWaitForSingleObject
KeEnterCriticalRegion
PoUnregisterPowerSettingCallback
IoGetDeviceProperty
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
PoRegisterPowerSettingCallback
_allmul
RtlFindClosestEncodableLength
RtlIoEncodeMemIoResource
memcpy
ZwSetValueKey
ZwDeleteKey
RtlEqualUnicodeString
ZwCreateKey
RtlIntegerToUnicodeString
ZwClose
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
RtlAreBitsClear
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
IoInitializeRemoveLockEx
KeInitializeEvent
IoCreateDevice
RtlFindLongestRunClear
RtlFindSetBits
RtlSetBit
RtlClearBits
_aullrem
IofCompleteRequest
IofCallDriver
KeFlushQueuedDpcs
IoReleaseRemoveLockAndWaitEx
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
KeBugCheckEx
IoGetDmaAdapter
ObfDereferenceObject
VfFailDeviceNode
IoOpenDeviceRegistryKey
RtlInitUnicodeString
MmUnmapIoSpace
KeQueryActiveProcessorCountEx
PoSetPowerState
KdEnableDebugger
KeIpiGenericCall
KdDisableDebugger
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
PoSetSystemWake
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PoGetSystemWake
IoReleaseCancelSpinLock
IoInvalidateDeviceRelations
EtwUnregister
EtwWrite
EtwRegister
RtlIsRangeAvailable
ZwOpenKey
ExfInterlockedInsertTailList
KeSetTimer
ExRegisterCallback
ExCreateCallback
KeInitializeDpc
IoUninitializeWorkItem
ExUnregisterCallback
IoQueueWorkItem
WheaAddErrorSource
HalDispatchTable
IoInitializeWorkItem
KeInitializeTimer
IoSizeofWorkItem
_allshl
EmProviderRegister
EmProviderDeregister
EmClientRuleEvaluate
InitSafeBootMode
ExIsProcessorFeaturePresent
ZwEnumerateValueKey
ZwQueryKey
KeCancelTimer
IoRequestDeviceEjectEx
RtlFindMessage
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlFindLeastSignificantBit
NtQuerySystemInformationEx
RtlCopyUnicodeString
RtlFindMostSignificantBit
WRITE_REGISTER_BUFFER_ULONG
RtlQueryRegistryValues
READ_REGISTER_BUFFER_ULONG
WheaReportHwError
WheaGetErrorSource
IoDisconnectInterruptEx
IoConnectInterruptEx
KeInsertQueueDpc
KeSynchronizeExecution
KeClearEvent
PsTerminateSystemThread
KeWaitForMultipleObjects
ExfInterlockedRemoveHeadList
HalPrivateDispatchTable
IoAssignResources
IoSetDevicePropertyData
IoGetDevicePropertyData
MmMapIoSpace
ObReferenceObjectByHandle
PsCreateSystemThread
RtlCmEncodeMemIoResource
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
ZwQueryValueKey
IoBuildSynchronousFsdRequest
IoUnregisterPlugPlayNotification
VfFailSystemBIOS
IoRegisterPlugPlayNotification
VfIsVerificationEnabled
WheaConfigureErrorSource
WheaInitializeRecordHeader
KeTickCount
RtlUnwind
RtlGetFirstRange
RtlGetNextRange
memset
ExAllocatePoolWithTag
_vsnwprintf
_aulldiv
RtlIoDecodeMemIoResource
RtlCmDecodeMemIoResource
RtlInitializeRangeList
RtlAddRange
RtlInvertRangeList
RtlFreeRangeList
EmClientQueryRuleState
ExFreePoolWithTag
RtlDeleteOwnersRanges
RtlCopyRangeList
RtlDeleteRange
_wcsicmp

hal

KeAcquireInStackQueuedSpinLock
KfReleaseSpinLock
HalGetBusDataByOffset
HalGetMessageRoutingInfo
HalGetInterruptTargetInformation
KeStallExecutionProcessor
KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
HalTranslateBusAddress
KfAcquireSpinLock

pshed

PshedGetErrorSourceInfo
PshedRetrieveErrorInfo

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13f067e76fe5aed4311fd2c380713cf2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

pshed

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

PAGE Size: 72KB - Virtual size: 72KB

PAGEKD Size: 1KB - Virtual size: 1KB

INIT Size: 8KB - Virtual size: 8KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

PAGE
Size: 72KB - Virtual size: 72KB

PAGEKD
Size: 1KB - Virtual size: 1KB

INIT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 5KB - Virtual size: 4KB