358b9e59143fd11a1260973343d5ccce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

358b9e59143fd11a1260973343d5ccce_JaffaCakes118
Size

39KB
MD5

358b9e59143fd11a1260973343d5ccce
SHA1

98cabb58a169c73a22663d3b1a9c2628d712aff2
SHA256

a3faeebbdf558e2876a5e143d535767aae0de98079a971e155ba445415b02183
SHA512

43b79562578f011924a69d435cc840bbee6065a1650355ffee4afdd7c589af29ee2f56dd7ef47d460bf2f3c6e302e700daf98be748ad7bf1a8a3445609ab1710
SSDEEP

768:BVFt9ap7U4BBQARQk1B8cxh4v6GnV8FGB5:NapI4BBQARlbxiiGnVB5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
358b9e59143fd11a1260973343d5ccce_JaffaCakes118

Files

358b9e59143fd11a1260973343d5ccce_JaffaCakes118
.sys windows:4 windows x86 arch:x86

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
KeDetachProcess
MmIsAddressValid
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwAllocateVirtualMemory
_stricmp
memcpy
strcpy
strlen
PsProcessType
MmSystemRangeStart
MmSectionObjectType
IoFileObjectType
IoAllocateMdl
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoIsWdmVersionAvailable
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
ProbeForRead
KeServiceDescriptorTable
InterlockedExchange
ExSystemTimeToLocalTime
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsTerminateSystemThread
RtlLargeIntegerSubtract
ZwClose
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
strcat
RtlCompareUnicodeString
KeWaitForSingleObject
IoGetCurrentProcess

hal

KeGetCurrentIrql

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 24B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 24B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1012B