5ca978611e6c00a211e439b5c1238fa5_JaffaCakes118

General

Target

5ca978611e6c00a211e439b5c1238fa5_JaffaCakes118
Size

738KB
MD5

5ca978611e6c00a211e439b5c1238fa5
SHA1

06fb9338d0ba9db55bb583838681a28e52a0dba3
SHA256

f034e4f893cef36f88c8292852d52f2f95ec4582c7a042143835eaa3ac01643f
SHA512

a6b09dc8fe050b28373a09e4e83e8b301a960370c4332979821b60a6ff6cae681eb975704ce67ef532e18ae679bef79bf499eec3f5366ad822d95f53176d275b
SSDEEP

12288:+KCJaIUjt5pwG44DpN9t+t85QSjT1uC70HqZcLtHl2UPjjpZQdBBKgxBAKaZ:tChipN9K8QSkCuqZA2UPjEdBBnxDa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca978611e6c00a211e439b5c1238fa5_JaffaCakes118

Files

5ca978611e6c00a211e439b5c1238fa5_JaffaCakes118
.sys windows:4 windows x86 arch:x86

468857f2efeb7f6d51f5c383ff05b9a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoUnregisterPlugPlayNotification
MmAllocatePagesForMdl
FsRtlLookupLastMcbEntry
RtlInsertUnicodePrefix
_allrem
FsRtlLookupMcbEntry
ZwSetEvent
IoIsValidNameGraftingBuffer
RtlPrefetchMemoryNonTemporal
FsRtlPrepareMdlWriteDev
PsSetProcessPriorityByClass
RtlGenerate8dot3Name
IoGetDeviceObjectPointer
IoCreateDevice
RtlFindFirstRunClear
RtlLargeIntegerSubtract
NtCreateFile
RtlUlongByteSwap
IoInvalidateDeviceState
RtlUnwind
ExInterlockedAddLargeInteger
RtlUnicodeToMultiByteSize
KeIsExecutingDpc
KeRemoveQueueDpc
strspn
KeQueryTickCount
RtlUpcaseUnicodeStringToCountedOemString
IoCheckEaBufferValidity
RtlFreeHeap
FsRtlDeleteKeyFromTunnelCache
InitSafeBootMode
IoFreeWorkItem
PsCreateSystemThread
FsRtlFastUnlockAllByKey
memset
FsRtlCurrentBatchOplock
FsRtlPrivateLock
PsReferencePrimaryToken
_snprintf
MmMapIoSpace
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
KeReadStateMutex
RtlUpcaseUnicodeString
PoSetSystemState

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

468857f2efeb7f6d51f5c383ff05b9a7

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 512B - Virtual size: 264B

.data Size: 9KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 395KB - Virtual size: 394KB

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 512B - Virtual size: 264B

.data
Size: 9KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 395KB - Virtual size: 394KB