5bf4d332b7e0f08161b6033d19026f38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bf4d332b7e0f08161b6033d19026f38_JaffaCakes118
Size

37KB
MD5

5bf4d332b7e0f08161b6033d19026f38
SHA1

b74d2ed430bf0fbb126e8ea46c1911536845b570
SHA256

452d137d2239dd241b668423b58ce0e39d3f640f103654013c05d8cc48db73d3
SHA512

9d5d11bd3c88a3dc19efa487c2a2abdda5bf4f58f839fce4b4eee8300794d0a7fef65766dc9858be69347a30e83079a9af08c0a2b8947b0cea5e150a2ab24899
SSDEEP

768:P47STv1pTZBBQARQkcnr05w6+7HhOHb6r+7UI:PzTv1pTZBBQARd5n+7IfUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf4d332b7e0f08161b6033d19026f38_JaffaCakes118

Files

5bf4d332b7e0f08161b6033d19026f38_JaffaCakes118
.sys windows:4 windows x86 arch:x86

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
KeDetachProcess
MmIsAddressValid
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwAllocateVirtualMemory
_stricmp
memcpy
strcpy
strlen
PsProcessType
MmSystemRangeStart
MmSectionObjectType
IoFileObjectType
IoAllocateMdl
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoIsWdmVersionAvailable
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
ProbeForRead
KeServiceDescriptorTable
InterlockedExchange
ExSystemTimeToLocalTime
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsTerminateSystemThread
RtlLargeIntegerSubtract
ZwClose
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
strcat
RtlCompareUnicodeString
KeWaitForSingleObject
IoGetCurrentProcess

hal

KeGetCurrentIrql

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1008B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 24B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 1008B - Virtual size: 1004B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 24B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 1008B - Virtual size: 1004B