5fb40dc572433004c8925cd7165b40ce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5fb40dc572433004c8925cd7165b40ce_JaffaCakes118
Size

24KB
MD5

5fb40dc572433004c8925cd7165b40ce
SHA1

d03f2004b9da60b638a808108ccfd28aacf1cb71
SHA256

d5011a712bd366137d4ec0ea11dc0c612602fb72ab57654df030d23dcc16f2d2
SHA512

ce5fba9f3babaca9706fe3d3dab9cca51cf01b0656e922d1873a8eee630a2ed467d6c5d6d9b275b27070de15d1213f0064589b6d438285d092e742fcccd30552
SSDEEP

768:HVt+WhH3hRUH/sKx4LYGmRiUjx2ZYAsXiUSI2j:v+WhHvFKLVCrFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fb40dc572433004c8925cd7165b40ce_JaffaCakes118

Files

5fb40dc572433004c8925cd7165b40ce_JaffaCakes118
.sys windows:4 windows x86 arch:x86

d1a70a5f0687e0b8ea5037122628cbde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf
IoGetConfigurationInformation
IoWriteErrorLogEntry
ExAllocatePoolWithTag
ObfDereferenceObject
KeQuerySystemTime
KeInitializeSpinLock
IofCompleteRequest
ProbeForWrite
MmLockPagableDataSection
ExRaiseAccessViolation
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
KeSetEvent
ExInterlockedPopEntrySList
IoAllocateErrorLogEntry
ExFreePool
KeSetTimer
MmUnlockPagableImageSection
RtlFreeUnicodeString
ExDeleteNPagedLookasideList
ZwClose
KeInitializeTimer
IoCreateNotificationEvent
ExInitializeNPagedLookasideList
PsCreateSystemThread
DbgBreakPoint
ExfInterlockedAddUlong
KeResetEvent
RtlClearAllBits
RtlInitializeBitMap
ZwUnmapViewOfSection
RtlInitializeGenericTable
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlClearBits
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlSetBits
RtlUnwind
IoDeleteSymbolicLink
IoDeleteDevice
KeClearEvent
IoRegisterDriverReinitialization
ExInterlockedPushEntrySList

hal

ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDF
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 704B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a70a5f0687e0b8ea5037122628cbde

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

PAGE Size: 3KB - Virtual size: 3KB

PAGEDF Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 704B - Virtual size: 686B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

PAGE
Size: 3KB - Virtual size: 3KB

PAGEDF
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 704B - Virtual size: 686B