4b656f5cc09e5d2f4637d77fe441664d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b656f5cc09e5d2f4637d77fe441664d_JaffaCakes118
Size

20KB
MD5

4b656f5cc09e5d2f4637d77fe441664d
SHA1

c7dbcf539c39bc6bdb3622eab77ef1b63bfa8736
SHA256

0b72f231bff0d1d40bf7b01a9cb07f453fe0436a52ad597ffb0d2c0160d5afe6
SHA512

6728aa08776b372bf99bad3460b984096ba7c860676ac32a26e97315af65226ec4c0b9d777da2b59574940dc8f2c0ec01fee832583414f774d168d164f665c59
SSDEEP

384:DJykSg8Ppcx7l8HcIH3pNL1Jrhy/jso9uT+quEOjBMab:DJyk/8Be7l8dn1y/jso5zMab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b656f5cc09e5d2f4637d77fe441664d_JaffaCakes118

Files

4b656f5cc09e5d2f4637d77fe441664d_JaffaCakes118
.sys windows:6 windows x86 arch:x86

c2812d185510d3ee04fd0fe4fa972c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

compbatt.pdb

Imports

ntoskrnl.exe

IoCancelIrp
ExQueueWorkItem
IoFreeIrp
memcpy
IoDetachDevice
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
memset
KeSetEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
RtlCompareUnicodeString
ZwClose
KeQueryInterruptTime
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
ExFreePool
ObfDereferenceObject
IoAllocateIrp
ObfReferenceObject
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoGetDeviceInterfaces
IoRegisterPlugPlayNotification
KeTickCount
KeBugCheckEx
IofCallDriver
IofCompleteRequest
IoGetRelatedDeviceObject
KeInitializeEvent

hal

ExReleaseFastMutex
ExAcquireFastMutex

battc.sys

BatteryClassStatusNotify
BatteryClassIoctl
BatteryClassInitializeDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2812d185510d3ee04fd0fe4fa972c1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

battc.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 289B

.data Size: 128B - Virtual size: 16B

PAGE Size: 3KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 384B - Virtual size: 380B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 289B

.data
Size: 128B - Virtual size: 16B

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 380B