319ea9cc46b6478ba7488cdc8f1df49c_JaffaCakes118

General

Target

319ea9cc46b6478ba7488cdc8f1df49c_JaffaCakes118
Size

73KB
MD5

319ea9cc46b6478ba7488cdc8f1df49c
SHA1

cebb4be494b3391cc19b3df4d21e83bdf87edc33
SHA256

e4f4296de38643d770b2d1c3ac03001bda3a470d18b1d03f073a8725cca03914
SHA512

b534b78ab650c8240fa8f424eb288defc0d4364a77aec72ccd130cb24fdc67d23421856ea3fff717abeb63a6791b6177a128039d58f0cc63ab748f135f82ed1a
SSDEEP

1536:3H8WjCcqsz7GVD4/w/J6WWkSylCLAcOUlKzs4lYZXgppc/lggxCy+EBC9S4A1WLM:Dpqsz7GVD4oRvWkRVQaYZc6i47WJ76

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
319ea9cc46b6478ba7488cdc8f1df49c_JaffaCakes118

Files

319ea9cc46b6478ba7488cdc8f1df49c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

88170f6aae5591774494af166610815c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePool
PsCreateSystemThread
InterlockedExchange
InterlockedCompareExchange
IofCallDriver
DbgPrint
ObfDereferenceObject
IoAttachDevice
IoCreateDevice
RtlInitUnicodeString
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
ObReferenceObjectByHandle
ZwCreateFile
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
memset
_allmul
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeGetCurrentThread
RtlCompareUnicodeString
RtlFreeUnicodeString
ZwCreateKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
IofCompleteRequest
MmMapLockedPagesSpecifyCache
RtlCompareMemory
KeSetTimerEx
KeInitializeTimerEx
RtlAnsiStringToUnicodeString
strlen
RtlInitAnsiString
KeInitializeSpinLock
ExAllocatePoolWithTag
KeDelayExecutionThread
memcpy

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88170f6aae5591774494af166610815c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 2KB - Virtual size: 2KB