46c10547814c7daee6943869649e5d72_JaffaCakes118

General

Target

46c10547814c7daee6943869649e5d72_JaffaCakes118
Size

68KB
MD5

46c10547814c7daee6943869649e5d72
SHA1

92e7247b572ea6e839979076d07d3ec12cb425e5
SHA256

2ecec184c3ebbcf01d9171d87c34ad57d27275844c3c05a6970b1a07b4d90433
SHA512

e6d3028e3e76383011f9e199c2da49985d6d8a3c4f20f2220af1affc32ec5431159f306456bd99cab0ea9f4b148e63335525cddd1c4517ef60010731c52ff5ca
SSDEEP

1536:Su+Xo12COzRPm095ayKav1iDNubPnYM51:t+Xo1TSn5Os1eubPnYM51

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46c10547814c7daee6943869649e5d72_JaffaCakes118

Files

46c10547814c7daee6943869649e5d72_JaffaCakes118
.sys windows:4 windows x86 arch:x86

ba8041b265360b9e31113e5e45c717fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAllocateIrp
KefReleaseSpinLockFromDpcLevel
KeDelayExecutionThread
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_wcsnicmp
ExFreePoolWithTag
ExInterlockedPopEntrySList
KefAcquireSpinLockAtDpcLevel
ZwQueryValueKey
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateMdl
PsCreateSystemThread
IoFreeMdl
NtClose
IoGetDeviceObjectPointer
ExInitializeNPagedLookasideList
ZwSetValueKey
ExInterlockedPushEntrySList
memset
ZwSetInformationFile
KeInitializeEvent
_wcsicmp
KeGetCurrentThread
ExAllocatePoolWithTag
_stricmp
ZwFlushKey
ObfDereferenceObject
ZwDeleteKey
IoFreeIrp
ZwCreateKey
MmMapLockedPages
ZwWriteFile
KeSetEvent
RtlUnwind
KeUnstackDetachProcess
KeInitializeApc
ZwQuerySystemInformation
MmGetPhysicalAddress
MmHighestUserAddress
PsGetVersion
PsLookupThreadByThreadId
PsLookupProcessByProcessId
KeStackAttachProcess
KeInsertQueueApc

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisDeregisterProtocol
NdisFreeMemory
NdisCloseAdapter
NdisAllocatePacketPool
NdisFreePacket
NdisRegisterProtocol
NdisAllocateBufferPool
NdisAllocateBuffer
NdisFreePacketPool
NdisOpenAdapter
NdisAllocatePacket
NdisAllocateMemoryWithTag
NdisFreeBufferPool

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba8041b265360b9e31113e5e45c717fc

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 46KB - Virtual size: 46KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 46KB - Virtual size: 46KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB