34f4a2912236d5932961fd1913b961dc_JaffaCakes118

General

Target

34f4a2912236d5932961fd1913b961dc_JaffaCakes118
Size

31KB
MD5

34f4a2912236d5932961fd1913b961dc
SHA1

7c53b2964ecd7c4a7ab8f944a2de4c936a4ad435
SHA256

17b7955571cfcf9f49ce3d98940d5f204d7530a9c9924e1df257aadd2f5c4788
SHA512

ae4722a64a49da803d60668d317c3d756875a20c8b363fe404500ee5e942d863ddda7a324c7446fb1aa282520d222e6e96e586437535e319c63b4d34dfd46a20
SSDEEP

384:oc2+y2bm8J+8L8KNDcQumUDeaADbdAerNxFqJKBlIA+ZB7aak:MIbm61xvK8bjrNx0JKMt7aa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f4a2912236d5932961fd1913b961dc_JaffaCakes118

Files

34f4a2912236d5932961fd1913b961dc_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4a5d982b8172aef5fb5ed540a6696c97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
KeGetCurrentThread
PsSetCreateProcessNotifyRoutine
SeSinglePrivilegeCheck
ZwDisplayString
IoAttachDeviceByPointer
KeCancelTimer
ZwCreateTimer
IoGetDeviceObjectPointer
FsRtlIsTotalDeviceFailure
IoReportDetectedDevice
IoQueryDeviceDescription
KeWaitForSingleObject
KeSetTimer
wcsstr
RtlQueryRegistryValues
RtlWriteRegistryValue
KeInitializeDpc
_wcsicmp
KeInitializeTimer
strncmp
RtlFreeUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlCopyUnicodeString
RtlDelete
RtlAnsiStringToUnicodeString
_allmul
memset
MmRemovePhysicalMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress

Exports

Exports

__MMGetSystemMemory@0
___MMSetSystemMemory@0

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datac
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a5d982b8172aef5fb5ed540a6696c97

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.datac Size: 1024B - Virtual size: 614B

.data Size: 512B - Virtual size: 512B

INIT Size: 1024B - Virtual size: 896B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 4KB - Virtual size: 3KB

.datac
Size: 1024B - Virtual size: 614B

.data
Size: 512B - Virtual size: 512B

INIT
Size: 1024B - Virtual size: 896B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 272B