40be1b683383147c8331fcf57e72adc6_JaffaCakes118

General

Target

40be1b683383147c8331fcf57e72adc6_JaffaCakes118
Size

100KB
MD5

40be1b683383147c8331fcf57e72adc6
SHA1

a54f3f36bffb748c9e603498d8a026872a9d6770
SHA256

49be6bba4054e7663bd96cf9e7c977529d47f66c6c659853dc04446797b8f825
SHA512

82a0701c8b2f0b2e9a6e12ac8f6738451e63b361c979710f5a556979de0efe48ee8ce437bd8afe1832ce35f464a4c81cbd2d8c4cb68cbb79d3d0afefa5c5ec63
SSDEEP

1536:/LPI4kYELrpWOxXQee/oiuXcDh0lKj4RFD/VH08zCS1tVCdG252Hc1XsDn:/k4k3hHbegiOla2VX9DVTY87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40be1b683383147c8331fcf57e72adc6_JaffaCakes118

Files

40be1b683383147c8331fcf57e72adc6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d821891592601888d270827facd17a96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDcacheFlushCount
NtDeviceIoControlFile
ZwQuerySystemInformation
IoWriteTransferCount
NlsLeadByteInfo
PsSetLegoNotifyRoutine
IoIsOperationSynchronous
IoStatisticsLock
RtlGetOwnerSecurityDescriptor
ExInterlockedExtendZone
SeAuditingHardLinkEvents
KeSaveStateForHibernate
swprintf
ZwDuplicateObject
RtlCaptureContext
IoEnqueueIrp
IoRemoveShareAccess
ZwSetDefaultLocale
RtlDelete
CcRepinBcb
NtBuildNumber
IoRegisterDeviceInterface
ExAllocatePool
IoGetConfigurationInformation
MmMapUserAddressesToPage
FsRtlNotifyReportChange
IoAssignResources
CcMapData
IoCheckQuotaBufferValidity
SeSystemDefaultDacl
ExInterlockedDecrementLong
CcSetBcbOwnerPointer
IoGetRelatedDeviceObject
ExFreePool
RtlDecompressBuffer
ZwOpenKey
wcsstr
KeRestoreFloatingPointState
SeTokenIsRestricted

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d821891592601888d270827facd17a96

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 79KB - Virtual size: 79KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 79KB - Virtual size: 79KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB