3f0326970993e8c646423c2036eb7812_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f0326970993e8c646423c2036eb7812_JaffaCakes118
Size

22KB
MD5

3f0326970993e8c646423c2036eb7812
SHA1

c86011d2f0f2a10b71956a6006144e3ac14f53d6
SHA256

d145cc0247e98768d9dfd6bcf30bf53708d6c606ad52cd2b42acc83039dde90e
SHA512

f217f9c3a3922e83dad8b1c2cfad4c8ace710d92f3c00236045ac9ec1274b1363ba7abd7349f915fc07dbf059ff928bcb5025ee6135e749dd98e55a5ea9cbc2d
SSDEEP

384:jYZaEWjWWf7ZTAWJqDw1+ZWJWwm23frQWaYHaYD+kFaFZqeWjWW:2O3lJcjW5mWJR+Rsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0326970993e8c646423c2036eb7812_JaffaCakes118

Files

3f0326970993e8c646423c2036eb7812_JaffaCakes118
.sys windows:5 windows x86 arch:x86

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rootmdm.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IofCallDriver
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwClose
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ExInitializeResourceLite
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
DbgBreakPoint
memmove
ExDeleteResourceLite
IoDetachDevice
KeWaitForSingleObject
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
KeLeaveCriticalRegion
ExReleaseResourceLite
ObfDereferenceObject
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeSetEvent

Sections

.text
Size: 384B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lyhf
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bceab9763b883ed66b048f78ee5877b7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 384B - Virtual size: 282B

.rdata Size: 256B - Virtual size: 208B

.data Size: 128B - Virtual size: 4B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.lyhf Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 236B

.text
Size: 384B - Virtual size: 282B

.rdata
Size: 256B - Virtual size: 208B

.data
Size: 128B - Virtual size: 4B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.lyhf
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 236B