30cb3b719892c71ad94bc79a74f110ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30cb3b719892c71ad94bc79a74f110ba_JaffaCakes118
Size

723KB
MD5

30cb3b719892c71ad94bc79a74f110ba
SHA1

f49ab7b9ba053a254fb084be185a045cb9cfd79b
SHA256

9133ca92cd36ac2a2585d6e67a40bdc30986b44e7a814f7f225b9d99299d8dc5
SHA512

b57c2d2006d9886a437f299467bc61b2ba8133c57387a929c0b8b478e6ae9f0a6d966e155225f3e735101cc04d72c37b12f93e1005f6d29be4e30b6acde54c21
SSDEEP

12288:wREQAwEujFVoz7MoYS1Ae+j76qPGOv3Xb1tWHYs5GR951X7jedt:xdw9Uz7MdST+j7l/RtWHip7jYt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30cb3b719892c71ad94bc79a74f110ba_JaffaCakes118

Files

30cb3b719892c71ad94bc79a74f110ba_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0e12f18cf91dcedd12bb6bdbfc8831c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
IoFreeIrp
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
MmMapLockedPagesSpecifyCache
ZwOpenKey
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeSetTimer
PoSetPowerState
IoRegisterDeviceInterface
KeReleaseSpinLockFromDpcLevel
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
IoReleaseCancelSpinLock
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
KeSetTimerEx
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoDisconnectInterrupt
IoConnectInterrupt
RtlWriteRegistryValue
ZwQuerySystemInformation
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
ExAllocatePoolWithTag

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e12f18cf91dcedd12bb6bdbfc8831c5

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 318KB - Virtual size: 318KB

.rdata Size: 512B - Virtual size: 256B

.data Size: 14KB - Virtual size: 13KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 385KB - Virtual size: 385KB

.text
Size: 318KB - Virtual size: 318KB

.rdata
Size: 512B - Virtual size: 256B

.data
Size: 14KB - Virtual size: 13KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 385KB - Virtual size: 385KB