61f225160c676df22f237269d9fb16f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61f225160c676df22f237269d9fb16f8_JaffaCakes118
Size

765KB
MD5

61f225160c676df22f237269d9fb16f8
SHA1

bc9d93543ebea8d7f1498b591ce03e916c9ab097
SHA256

e7479c94534738f9414b0c5e897aaa42bb2ad1e8ee20a9ef72e4e6b5b59502aa
SHA512

1c98b17e658cf62b81a3986f2f56d6acd0c59e1b93e615a837fa566d6fa286bd9f1d3dbab6c9aeeb7f4987abd2e439b118ca9a2a1790fc1648ab9b2a4a64fd8e
SSDEEP

12288:OV4ODyGf+rVMz2+2d1YfHEoySK9YBVggg4K2eHvEF/tHyThu8T/M:K4OeXxnd45ySeO3eMFJAg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61f225160c676df22f237269d9fb16f8_JaffaCakes118

Files

61f225160c676df22f237269d9fb16f8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0dc466f361513dd68c72df19c0281256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
KeQueryActiveProcessors
strrchr
MmUnmapIoSpace
ZwQueryInstallUILanguage
PsRevertToSelf
RtlAreAllAccessesGranted
KeTickCount
wcschr
IoCreateSynchronizationEvent
LpcPortObjectType
RtlGetSaclSecurityDescriptor
RtlReserveChunk
ZwUnloadDriver
isupper
RtlFreeUnicodeString
_except_handler3
NtDeleteFile
NtDeviceIoControlFile
ExReleaseFastMutexUnsafe
RtlEqualUnicodeString
KeUserModeCallback
READ_REGISTER_BUFFER_ULONG
FsRtlCopyRead
ExAllocateFromPagedLookasideList
RtlFindSetBitsAndClear
FsRtlRegisterUncProvider
ExIsResourceAcquiredSharedLite
IoIsFileOriginRemote
RtlSplay
KeInsertDeviceQueue
RtlPinAtomInAtomTable
FsRtlIsNameInExpression
mbstowcs
RtlLargeIntegerArithmeticShift
ExDeleteNPagedLookasideList
PfxRemovePrefix
RtlFindClearBitsAndSet
KeI386FlatToGdtSelector
IoGetDeviceInterfaceAlias
IoReleaseRemoveLockEx
FsRtlOplockIsFastIoPossible
RtlInitString
ExInterlockedInsertHeadList
RtlLookupAtomInAtomTable
KiDispatchInterrupt
RtlUpcaseUnicodeToOemN
ExReinitializeResourceLite
ZwOpenThread
MmIsThisAnNtAsSystem
MmAllocateContiguousMemory
ZwQueryInformationProcess
IoCreateSymbolicLink
IoStartPacket
MmMapMemoryDumpMdl
ExAcquireFastMutexUnsafe
ExGetSharedWaiterCount
KiUnexpectedInterrupt
RtlAppendAsciizToString
ExInterlockedAddUlong
ZwOpenEvent
PoCancelDeviceNotify
IoInitializeRemoveLockEx
KeReleaseMutant
NlsMbOemCodePageTag
IoCreateDevice
InbvSetScrollRegion
RtlCompareString
WRITE_REGISTER_UCHAR
FsRtlBalanceReads
RtlStringFromGUID
SeAuditingFileOrGlobalEvents
FsRtlNormalizeNtstatus
IoRegisterDeviceInterface
MmCreateSection
MmGetVirtualForPhysical
IoCheckDesiredAccess
InitSafeBootMode
IoCreateFile

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dc466f361513dd68c72df19c0281256

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 1024B - Virtual size: 548B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 1024B - Virtual size: 548B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 402KB - Virtual size: 401KB