4bdefdd67d92608485c515eb5119b722_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4bdefdd67d92608485c515eb5119b722_JaffaCakes118
Size

41KB
MD5

4bdefdd67d92608485c515eb5119b722
SHA1

9797079b7882e487ca6383e7d23e5d4d46c6b2b5
SHA256

8d3752a4343c9153290100654c09d23ec8d18d17266982f4376887689e2bf92d
SHA512

7d0ca59e7195feb0316529d55d0384916610127a133475df79bfa567bf3894e7895041670a1160ef15382c7173585cfcc763db056ef4d90cf0a9dbcf463fe721
SSDEEP

768:gQfN77x9bqKE3QJaSqMNlSWlJ2FyThGWKDxeWjXy5yQLO3EzJ4pOg9xhJFaatHCo:jtlbs2aRbIxLzmThfRit9EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bdefdd67d92608485c515eb5119b722_JaffaCakes118

Files

4bdefdd67d92608485c515eb5119b722_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
sprintf
ExAcquireResourceSharedLite
ExReleaseResourceLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
vsprintf
KeLeaveCriticalRegion
ZwCreateFile
RtlInitUnicodeString
IoQueryVolumeInformation
IoAttachDeviceByPointer
ExInterlockedPushEntrySList
KeQuerySystemTime
ExInterlockedPopEntrySList
ProbeForWrite
KeClearEvent
_except_handler3
IoDeleteDevice
IoDetachDevice
ExQueueWorkItem
IofCompleteRequest
strstr
MmMapLockedPages
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
InterlockedIncrement
ExAllocatePoolWithTag
ExFreePool
ZwClose
ObReferenceObjectByHandle
_strlwr

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB