4ccb656d298932eb658a88c65ed28dfd_JaffaCakes118

General

Target

4ccb656d298932eb658a88c65ed28dfd_JaffaCakes118
Size

745KB
MD5

4ccb656d298932eb658a88c65ed28dfd
SHA1

22a977f48ac7aa6b304084cf90b30000fe10dc9d
SHA256

29f78fcb13c6d7d8a75e737e1a4ab5d66b8cd1f9469759b7814bc2295de583dc
SHA512

fdc91891696a7bf59c4aaa60b9d58d74734718aca6c01f60fbf382f1712f701d51f31db0d7adb084aeddd869a8278f3f21be5ab0a02723c197345e6265a424b9
SSDEEP

12288:BIFNDiuUyIHkqSYC1c4XWXyHlt2SoHhwrQQwDsZKPSHnpkqC11ZMip:BkiQIHkEmcHXsU3H+rfcKHnpkL1Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ccb656d298932eb658a88c65ed28dfd_JaffaCakes118

Files

4ccb656d298932eb658a88c65ed28dfd_JaffaCakes118
.sys windows:4 windows x86 arch:x86

b0b7d7e08448c2a4e7a954864c10ce5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
PoCallDriver
IoFreeIrp
IoAttachDeviceToDeviceStack
ZwOpenKey
RtlQueryRegistryValues
IoQueueWorkItem
IoAllocateMdl
IoWMIRegistrationControl
ObReferenceObjectByHandle
IoRegisterDeviceInterface
ZwSetValueKey
RtlInitAnsiString
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
_vsnwprintf
IoAcquireRemoveLockEx
MmMapIoSpace
KeInitializeMutex
IoCreateSymbolicLink
RtlIntegerToUnicodeString
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoConnectInterrupt
MmProbeAndLockPages
KeSetPriorityThread
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0b7d7e08448c2a4e7a954864c10ce5c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 120B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 1024B - Virtual size: 826B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 411KB - Virtual size: 411KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 120B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 1024B - Virtual size: 826B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 411KB - Virtual size: 411KB