4a495d644239ba2bc0e9e4d7b202c236_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a495d644239ba2bc0e9e4d7b202c236_JaffaCakes118
Size

17KB
MD5

4a495d644239ba2bc0e9e4d7b202c236
SHA1

ea48f161dd3c0ef2a3d4793ba3ae9df59dbff6a4
SHA256

7811872f07493cfd12a23d4aa569c89c7718df579a8cc605296a40d66ba049a6
SHA512

92a92dfaf4c44054bcf7fbcf391cf8c627b139413c840cd3acb0da612c56934f4878cdca01158fc02e1a672477e97c511e361cb5bea4394ff52739bef5116c24
SSDEEP

192:VtM4VJZOGbAy7nfIFld2+dqHzSJrltVGEA+kNwB0HJ8hNmyiFeidZcqFrSKJE:c4jAqi77YHGjOJhH2q4qhSo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a495d644239ba2bc0e9e4d7b202c236_JaffaCakes118

Files

4a495d644239ba2bc0e9e4d7b202c236_JaffaCakes118
.sys windows:5 windows x86 arch:x86

85954725889c148ca915bb9f53fc85d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\iSCSI\iSCSIClient\SYS\objfre_wxp_x86\i386\CakeCache.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeReleaseMutex
KeInitializeEvent
KeSetEvent
ExAllocatePoolWithTag
ExFreePoolWithTag
DbgPrint
ExInitializeNPagedLookasideList
RtlAnsiStringToUnicodeString
RtlInitString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
ZwMapViewOfSection
ZwCreateSection
strchr
ZwClose
RtlFreeUnicodeString
ZwCreateFile
RtlInitUnicodeString
IofCallDriver
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
KeInitializeMutex
IoDeleteDevice
IoBuildSynchronousFsdRequest
_allmul
ZwUnmapViewOfSection
KeReleaseSemaphore
RtlQueryRegistryValues
ObfDereferenceObject
IoDetachDevice
MmMapLockedPages
_alldiv
IoFreeMdl
MmUnlockPages
KeGetCurrentThread
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IoAllocateIrp
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCreateSymbolicLink
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85954725889c148ca915bb9f53fc85d6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 384B - Virtual size: 319B

.data Size: 512B - Virtual size: 400B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 384B - Virtual size: 319B

.data
Size: 512B - Virtual size: 400B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 1024B - Virtual size: 1004B