5eae4e80083a0e039a5f7b8ce53613c9_JaffaCakes118

General

Target

5eae4e80083a0e039a5f7b8ce53613c9_JaffaCakes118
Size

19KB
MD5

5eae4e80083a0e039a5f7b8ce53613c9
SHA1

4d89901bc75ab1186485e706d6ebf0b517e6bf87
SHA256

86b78166591c396a2bb18be560c7fedf3804ea77115768c0e9c74d2e433be863
SHA512

774e0aea8f681acf779da66e720875a5ac5a3f770e36e69f7e6b09d56a45c05b0c9f43e4857a6f6d8e79533fb7215b899c5fe4a8385a3dbdbeb69e8b39717039
SSDEEP

384:1wIx3F8Ile3WkjI8wARK4PbFBSWDUmxVcjlln47nPJcerzV6Xxa3:1wC3F8Ilemkj9wkKqbFBSWQmcA7nP5U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5eae4e80083a0e039a5f7b8ce53613c9_JaffaCakes118

Files

5eae4e80083a0e039a5f7b8ce53613c9_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExInitializeRundownProtection
ZwQueryInformationProcess
RtlFindLongestRunClear
PsRestoreImpersonation
memcpy
CcPinMappedData
FsRtlInitializeMcb
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoReportResourceForDetection
CcGetDirtyPages
FsRtlNotifyFilterChangeDirectory
ExFreePoolWithTag
KeInsertQueueDpc
MmIsAddressValid
FsRtlIsNtstatusExpected
NtDuplicateObject
RtlInt64ToUnicodeString
NtAllocateUuids
DbgPrint
READ_REGISTER_BUFFER_ULONG
ZwCreateFile
RtlReserveChunk
FsRtlLookupLastLargeMcbEntry
ZwDisplayString
CcPinRead
KeStackAttachProcess
RtlImageNtHeader
IoWritePartitionTableEx
KdDebuggerEnabled
ExAllocatePool
strcmp

Exports

Exports

WoyCnwaIhmpk
OgsweglTguefMoyqm
FyeilcVfiuevsZkidrv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 879B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7cf8e42a3290999705596be61a12055

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 4B

.INIT Size: 1024B - Virtual size: 879B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 78B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 4B

.INIT
Size: 1024B - Virtual size: 879B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 78B