48372bbc4e725a45363d63a457f8c757_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48372bbc4e725a45363d63a457f8c757_JaffaCakes118
Size

764KB
MD5

48372bbc4e725a45363d63a457f8c757
SHA1

5fd318982ad1c3196ae967a75f4bcc60a8c9176b
SHA256

2c1d71bbc82fd680fa95a3bd4946e288bda7aed6d0de64c5889fee8d72c7ba5c
SHA512

76170030a83d113e44bc21fb8f5a118228476b58f6366f6e8c64cf5b9617cd079d926b3302491f9a65d722307f1cd623e9423847daa16a24230b70dc96eef90f
SSDEEP

12288:r/XMzDovIV2lFZ+btetm53ygSdh4qrATKjZpMFgBdBeJc7C4xC1lWAPxvo3zUZVs:zX4ov22lT+btTFMg4ATKbMi7BMgC4kJo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48372bbc4e725a45363d63a457f8c757_JaffaCakes118

Files

48372bbc4e725a45363d63a457f8c757_JaffaCakes118
.sys windows:4 windows x86 arch:x86

cd72966127a7af043a92ea98ace50da1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
PsJobType
ZwClose
ZwCreateSymbolicLinkObject
CcUnpinRepinnedBcb
PsReferencePrimaryToken
KeGetPreviousMode
ZwFlushKey
IoCreateDevice
IoDriverObjectType
NlsAnsiCodePage
FsRtlFastCheckLockForWrite
IoCreateController
KeSetEventBoostPriority
IoCreateSymbolicLink
FsRtlNotifyInitializeSync
IoFileObjectType
ExInterlockedIncrementLong
RtlLargeIntegerShiftRight
InbvInstallDisplayStringFilter
RtlGetNtGlobalFlags
NtWaitForSingleObject
IoGetDeviceObjectPointer
tolower
DbgPrintReturnControlC
ZwFlushInstructionCache
FsRtlPrivateLock
KeReadStateMutant
RtlEqualUnicodeString
_itow
ExInterlockedAddLargeStatistic
wcsstr
RtlInvertRangeList
RtlEnlargedIntegerMultiply
ExfInterlockedInsertHeadList
RtlIsNameLegalDOS8Dot3
_except_handler2
MmHighestUserAddress
ExConvertExclusiveToSharedLite
RtlCreateAtomTable
ZwUnloadKey
FsRtlDeleteKeyFromTunnelCache
IoCreateUnprotectedSymbolicLink
RtlTraceDatabaseFind
KeInsertQueue
ZwQueryKey
MmMapViewInSystemSpace
InbvEnableDisplayString
SeAuditingFileEvents
ZwOpenEvent
MmGetVirtualForPhysical
ZwAlertThread
FsRtlLegalAnsiCharacterArray
CcCopyWrite
IoCheckQuotaBufferValidity
IoQueueThreadIrp
NtQueryInformationFile
RtlAreAnyAccessesGranted
FsRtlIsTotalDeviceFailure
ExAllocatePool
ZwDeleteKey
CcGetDirtyPages
CcSetLogHandleForFile
memset
IoInitializeRemoveLockEx
IoFreeController
RtlLargeIntegerAdd
SeQuerySessionIdToken

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd72966127a7af043a92ea98ace50da1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 512B - Virtual size: 512B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 512B - Virtual size: 512B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB