3f503d5fa2ccb50eef8737ba78a1b60e_JaffaCakes118

General

Target

3f503d5fa2ccb50eef8737ba78a1b60e_JaffaCakes118
Size

43KB
MD5

3f503d5fa2ccb50eef8737ba78a1b60e
SHA1

84bcba3e2602707327a4953e63b2e0265625a2e4
SHA256

2e0979cb4ccb4d514181dd2d6014996cede5de29d7f89d294ffd201b318cdf58
SHA512

027d320dd7d35b99fd65bad047d31fb9814adb5e656c3ad9689ff00cc8fb3e6cea1381b4b1d6332666e00018195ce9dca6c67805828c214dc2dee3fe9ba90c30
SSDEEP

384:wGYylw4XrShiUeXIjDhuxLzy8FxNbmTuDFxTUoDEP8wNyJ:DYCw47pXMhu0kx/Az

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f503d5fa2ccb50eef8737ba78a1b60e_JaffaCakes118

Files

3f503d5fa2ccb50eef8737ba78a1b60e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7368c443d2190af4ac388233affecbf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

NtDuplicateObject
ExAllocatePool
ZwQuerySystemInformation
RtlTraceDatabaseValidate
RtlDecompressBuffer
IoCreateController
FsRtlNotifyCleanup
PsRestoreImpersonation
PsSetCreateProcessNotifyRoutine
IoFreeWorkItem
CcCopyRead
RtlGetAce
KiUnexpectedInterrupt
LpcRequestPort
RtlSetAllBits
IoDeleteDriver
SePublicDefaultDacl
CcUnpinRepinnedBcb
PfxFindPrefix
FsRtlPostPagingFileStackOverflow
RtlDecompressChunks
PsImpersonateClient
MmUnmapLockedPages
MmAllocateContiguousMemory
IoGetDeviceObjectPointer
RtlGetNtGlobalFlags
RtlCopyUnicodeString
RtlLargeIntegerAdd
IoDeviceObjectType
RtlExtendedLargeIntegerDivide
CcGetDirtyPages
ExFreePool
READ_REGISTER_UCHAR
ZwClose
RtlGetSaclSecurityDescriptor
ExAcquireResourceExclusiveLite

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7368c443d2190af4ac388233affecbf1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 19KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 19KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB