479c5fd2c8e37a12fe73dd1a2f014882_JaffaCakes118

General

Target

479c5fd2c8e37a12fe73dd1a2f014882_JaffaCakes118
Size

747KB
MD5

479c5fd2c8e37a12fe73dd1a2f014882
SHA1

4956a7039fb643da039e766e2a1fd3f609e99c29
SHA256

e78e175532f469ebd8c3cc625e00e81ea86de66aff39bf9d7244ced960b4efa7
SHA512

5014baac5db110eca28653427e2eb334380ab8fb02c70926db24d590235ced5420afe2995eb5c9185c75b1a27496148c2aa3a1408b199e8e9a21eb3b84cffde0
SSDEEP

12288:sqci3mTlgfBmZiXDOFBsamVX+FTPLNCcYMKtqojmeA9yxiHTJS:eOmEBmEOFGaaX+FTPLocYMKtnmBUxCtS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
479c5fd2c8e37a12fe73dd1a2f014882_JaffaCakes118

Files

479c5fd2c8e37a12fe73dd1a2f014882_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1b9940550112eb1b5625ded7f9778d1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeBugCheckEx
KeWaitForSingleObject
IofCallDriver
RtlCompareMemory
IoCreateDevice
PoCallDriver
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
MmMapLockedPagesSpecifyCache
ZwOpenKey
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoFreeMdl
KeInitializeTimer
IoAllocateWorkItem
KeDelayExecutionThread
KeClearEvent
KeSetTimer
IoCancelIrp
IoRegisterDeviceInterface
KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
IoAcquireRemoveLockEx
RtlAppendUnicodeToString
ObfReferenceObject
IoReleaseRemoveLockEx
KeQueryTimeIncrement
RtlAppendUnicodeStringToString
IoCreateSymbolicLink
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
IoDisconnectInterrupt
IoConnectInterrupt
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExFreePoolWithTag

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b9940550112eb1b5625ded7f9778d1e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 512B - Virtual size: 176B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 512B - Virtual size: 176B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB