4ada644fb009aa1b34913b3f7bf784bc_JaffaCakes118

General

Target

4ada644fb009aa1b34913b3f7bf784bc_JaffaCakes118
Size

750KB
MD5

4ada644fb009aa1b34913b3f7bf784bc
SHA1

58bf33e82a6ad51735d3117a49ed8787d70f06f7
SHA256

0ed57df1ad27cf1dcc992e46f3f5dbb67110726840bd96b13e4fb7b249e1519f
SHA512

f764b297a5ec88de3c7d7980cce101b291a162630fd9fddf687f4f6898d1c6f21b6e73ecae5f16851d07405655b58845f0f62c8f06130fed18fe279ff29c0320
SSDEEP

12288:hp57+Qki7pRYunhKeawnifRQF3wxSpwY6CEzE+yhKjJzjjCkmAKv0S6StfU5HnVF:h3+QkU5i6AxZnRyWJekNKcS69HnV56e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ada644fb009aa1b34913b3f7bf784bc_JaffaCakes118

Files

4ada644fb009aa1b34913b3f7bf784bc_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c2412a98649ec6c350eedddad8b2ede4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
KeUpdateRunTime
FsRtlInitializeOplock
ZwSetInformationProcess
ObReferenceObjectByHandle
LsaDeregisterLogonProcess
RtlEnlargedUnsignedDivide
ObSetSecurityDescriptorInfo
ExInterlockedFlushSList
FsRtlOplockIsFastIoPossible
FsRtlMdlWriteCompleteDev
IoFreeMdl
WRITE_REGISTER_BUFFER_ULONG
MmIsAddressValid
ExEnumHandleTable
PsGetVersion
IoReportHalResourceUsage
ZwQueryInstallUILanguage
toupper
IoAcquireCancelSpinLock
DbgPrompt
FsRtlAllocateResource
NtUnlockFile
IoCreateDevice
KeReleaseMutex
KiAcquireSpinLock
KeLeaveCriticalRegion
MmIsThisAnNtAsSystem
ZwNotifyChangeKey
SeSetSecurityDescriptorInfo
RtlLargeIntegerArithmeticShift
SePrivilegeObjectAuditAlarm
RtlOemStringToUnicodeSize
NtNotifyChangeDirectoryFile
IoStopTimer
PoRegisterSystemState
KeInitializeEvent
ExfInterlockedPopEntryList
CcMdlWriteComplete
IoEnqueueIrp
ObReferenceObjectByName
CcPurgeCacheSection
ZwDeleteFile
IoDeleteDevice
IoCreateSymbolicLink
RtlCompareUnicodeString

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2412a98649ec6c350eedddad8b2ede4

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 512B - Virtual size: 223B

.data Size: 13KB - Virtual size: 25KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 387KB - Virtual size: 386KB

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 512B - Virtual size: 223B

.data
Size: 13KB - Virtual size: 25KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 387KB - Virtual size: 386KB