46fa12ffa275c1a5f41e14fef9b574f5_JaffaCakes118

General

Target

46fa12ffa275c1a5f41e14fef9b574f5_JaffaCakes118
Size

747KB
MD5

46fa12ffa275c1a5f41e14fef9b574f5
SHA1

cb7c5296ed69bcb5b07366089115fdac703357bc
SHA256

727c5423a5e36cd2ddead99add547e752c185bc5458234905c53ed5b7224d3a3
SHA512

cb16b3565171924583065fb4dd435358b279baf06ac654b5c218b0e20f6d88e619ab70f5fd246110a5c906fa64e850dcb9b13fc2c37519bdd54bf9134b859e82
SSDEEP

12288:ZlzWCytt//G7MznHy/LQy1wz6QpzGCdTJhmFQRVPW8TFakbtRgl65kyKrlqpbbRZ:zeFO7QHgLQ7z6Q5GQJhW8TFamDgqppcP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46fa12ffa275c1a5f41e14fef9b574f5_JaffaCakes118

Files

46fa12ffa275c1a5f41e14fef9b574f5_JaffaCakes118
.sys windows:4 windows x86 arch:x86

09e5b4a0ff1c72be53bc6d06e040e988

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
IoCreateDevice
ZwQueryValueKey
RtlFreeUnicodeString
RtlQueryRegistryValues
IoFreeMdl
KeCancelTimer
ExFreePool
IoQueueWorkItem
IoWMIRegistrationControl
KeClearEvent
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
PsTerminateSystemThread
IoWMIWriteEvent
ObfReferenceObject
ExInitializeNPagedLookasideList
KeWaitForMultipleObjects
ZwQuerySystemInformation
MmProbeAndLockPages
KeSetPriorityThread
IoGetDeviceObjectPointer
ExFreePoolWithTag

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e5b4a0ff1c72be53bc6d06e040e988

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 124B

.data Size: 16KB - Virtual size: 16KB

INIT Size: 1024B - Virtual size: 854B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 411KB - Virtual size: 411KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 124B

.data
Size: 16KB - Virtual size: 16KB

INIT
Size: 1024B - Virtual size: 854B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 411KB - Virtual size: 411KB