3d0cf9b608db46f0f1957acfc0ff929a_JaffaCakes118

General

Target

3d0cf9b608db46f0f1957acfc0ff929a_JaffaCakes118
Size

763KB
MD5

3d0cf9b608db46f0f1957acfc0ff929a
SHA1

5820daf89a88ef76e5fc762023de188358080cfd
SHA256

ea5414b6fd22ef70f377b1984294996698dbf086753a088bb23e90e04354a794
SHA512

8a0b85ac025bb31977b04a36300f8da7d6b024af7521056d348183781d796526a8844966eb4f88ed607cab8d30c302884e0612eafa594b6efc1225138fd567a4
SSDEEP

12288:0E7OYfmiFiv3Xa/UvNrlX/YRnNoSb2EROextpnkJLpoPg7YIXWjE6jGUpcK99:0EQiF+aWdKpr1pnkBmohXOCwh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0cf9b608db46f0f1957acfc0ff929a_JaffaCakes118

Files

3d0cf9b608db46f0f1957acfc0ff929a_JaffaCakes118
.sys windows:4 windows x86 arch:x86

aa1699ec2039ec99b79cbd27ef47aa11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateNotificationEvent
RtlNtStatusToDosError
IoFreeMdl
FsRtlNumberOfRunsInLargeMcb
atoi
FsRtlPostStackOverflow
ObQueryObjectAuditingByHandle
RtlEnlargedUnsignedDivide
ExfInterlockedPushEntryList
ZwSetEaFile
isprint
IoCreateSymbolicLink
ZwQueryInformationFile
IoGetConfigurationInformation
RtlRaiseException
IoUnregisterPlugPlayNotification
KeRestoreFloatingPointState
KeI386MachineType
RtlEnumerateGenericTableWithoutSplaying
KeRaiseUserException
ZwFreeVirtualMemory
IoAssignResources
FsRtlMdlWriteComplete
ZwSetDefaultLocale
HalDispatchTable
FsRtlGetNextFileLock
qsort
KeInitializeQueue
RtlRealSuccessor
SeSystemDefaultDacl
IoInitializeRemoveLockEx
IoWMIRegistrationControl
SeQueryInformationToken
RtlSecondsSince1980ToTime
InbvEnableDisplayString
IoCreateDevice
ExSetTimerResolution
FsRtlInitializeTunnelCache
ZwOpenEvent
IoIsOperationSynchronous
MmAddPhysicalMemory
IoDeleteController
RtlDecompressChunks
FsRtlRemoveLargeMcbEntry
KeInsertHeadQueue
READ_REGISTER_ULONG
RtlTraceDatabaseAdd
strcmp
MmPageEntireDriver

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa1699ec2039ec99b79cbd27ef47aa11

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 512B - Virtual size: 464B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 512B - Virtual size: 464B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB