3b894ebdc005b6404b2608f3d74dad93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b894ebdc005b6404b2608f3d74dad93_JaffaCakes118
Size

49KB
MD5

3b894ebdc005b6404b2608f3d74dad93
SHA1

287c718cf96540a5c89e32cbafe47522fc16125e
SHA256

b700e800aa381f9a8d439cb9ca1deee5b0f5ec7051c3344096a3813bfe4fe051
SHA512

035311bed0134e897a4e9874c8cda12b6837258c2f839a4e4412ea148cd4b1099a64a94aff60c1b26f12bebc4043f05c8947cc52d5dc863efccf08a37e0084eb
SSDEEP

1536:R8NYwscU508dZ2g0YoIu4cQRaKpjdDjWn:R9N5Hv2g1Vu4cQIwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b894ebdc005b6404b2608f3d74dad93_JaffaCakes118

Files

3b894ebdc005b6404b2608f3d74dad93_JaffaCakes118
.sys windows:6 windows x86 arch:x86

cd90c7cdf8926521b2e646f9275d9a75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPagesSpecifyCache
KeAttachProcess
PsLookupProcessByProcessId
MmBuildMdlForNonPagedPool
IoAllocateMdl
ExAllocatePoolWithTag
ObOpenObjectByPointer
ZwQuerySystemInformation
ExFreePoolWithTag
ZwClose
wcsncmp
ZwQueryObject
ZwDuplicateObject
ZwOpenProcess
RtlInitUnicodeString
KeDelayExecutionThread
KeSetEvent
PsGetCurrentProcessId
KeDetachProcess
MmIsAddressValid
KeAddSystemServiceTable
ZwQueryInformationProcess
ObReferenceObjectByHandle
ExEventObjectType
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoGetCurrentProcess
memset
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
KeUnstackDetachProcess
KeStackAttachProcess
KeTickCount
ObfDereferenceObject
IofCompleteRequest
KeServiceDescriptorTable
KeInitializeEvent
RtlUnwind
KeBugCheckEx

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd90c7cdf8926521b2e646f9275d9a75

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 384B - Virtual size: 376B

.data Size: 128B - Virtual size: 104B

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 512B - Virtual size: 420B

.vmp1 Size: 41KB - Virtual size: 41KB

.reloc Size: 384B - Virtual size: 360B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 376B

.data
Size: 128B - Virtual size: 104B

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 512B - Virtual size: 420B

.vmp1
Size: 41KB - Virtual size: 41KB

.reloc
Size: 384B - Virtual size: 360B