39b227e165d8f6091afc00806e8d163b_JaffaCakes118

General

Target

39b227e165d8f6091afc00806e8d163b_JaffaCakes118
Size

747KB
MD5

39b227e165d8f6091afc00806e8d163b
SHA1

461b38a41ae32c4b42e78c69b8209a136a55348f
SHA256

be8a1c5d467c0d396256643a48b4c7a909571c53ff7f2fe686d04ea8735680b2
SHA512

dfa3d098e91348aa37668256cabd8af81cf6eab770bca6136e328cc3a73246fb1e4c9b13cb53c8df194be952c1bfa3cf415dca9b95811163c9e82a01e5651891
SSDEEP

12288:/D0uvKG5Le4IALJAUcZ+XpxIFFolCXcbdb02lUya53KgxqDKxRJWiIzYDF9TJZ5b:/D0YKG5Le49F3cIX/wol0cbi2lGTueWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39b227e165d8f6091afc00806e8d163b_JaffaCakes118

Files

39b227e165d8f6091afc00806e8d163b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6e1dca0eb2ebff9bd689ae8e8da16245

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
RtlInitUnicodeString
KeSetEvent
IofCallDriver
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
IoFreeIrp
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoAllocateIrp
KeInitializeDpc
KeCancelTimer
IoWMIRegistrationControl
KeClearEvent
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
PoRequestPowerIrp
KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
PsTerminateSystemThread
DbgPrint
RtlInitAnsiString
IoBuildSynchronousFsdRequest
MmUnmapIoSpace
_vsnwprintf
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
KeReleaseMutex
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExInitializeNPagedLookasideList
KeWaitForMultipleObjects
IoDisconnectInterrupt
IoConnectInterrupt
RtlWriteRegistryValue
MmProbeAndLockPages
IoGetDmaAdapter
MmUnlockPages
ZwQuerySystemInformation
_snprintf

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 241B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e1dca0eb2ebff9bd689ae8e8da16245

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 312KB - Virtual size: 312KB

.rdata Size: 512B - Virtual size: 241B

.data Size: 16KB - Virtual size: 15KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 414KB - Virtual size: 413KB

.text
Size: 312KB - Virtual size: 312KB

.rdata
Size: 512B - Virtual size: 241B

.data
Size: 16KB - Virtual size: 15KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 414KB - Virtual size: 413KB