650ecac38e5e9cfeedb75171dc747e9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

650ecac38e5e9cfeedb75171dc747e9b_JaffaCakes118
Size

764KB
MD5

650ecac38e5e9cfeedb75171dc747e9b
SHA1

c34649c4cde144b0dc8213a83d4ffa13dd5c179c
SHA256

6e63e31edaa8a47a1ec1849e963aaea1d996429d2b101473b333b14450b68d65
SHA512

db1a33e1331d958361bc16b5550ca9b0f31a5db622d0db41c82e0ba5d81680a7bdff6c2730e49a7c8f4426de380a53c907a12ee1e9b992cf3c88a861c245a4c3
SSDEEP

12288:A2AAGFnwZwS0fngBi+RKS+wO4J90CmEU4IEmwH8kfbWEbUDkwMPd7tQkogtfdpth:OwZGfnb+RK99c9DmcvbBU2FBBhLiBEKr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
650ecac38e5e9cfeedb75171dc747e9b_JaffaCakes118

Files

650ecac38e5e9cfeedb75171dc747e9b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

4a582455a034aa5fa29319c478554090

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwCreateKey
RtlInitializeBitMap
ExInterlockedInsertHeadList
WRITE_REGISTER_UCHAR
RtlInitAnsiString
IoWriteTransferCount
FsRtlDissectName
KeInitializeSpinLock
FsRtlFastUnlockAllByKey
NtAllocateUuids
NtSetInformationThread
IoCreateStreamFileObject
RtlSetBits
FsRtlIsHpfsDbcsLegal
ExCreateCallback
ZwQuerySection
IoEnqueueIrp
KePulseEvent
Ke386QueryIoAccessMap
KeSetProfileIrql
ExFreePool
IoCreateDevice
ExRaiseStatus
FsRtlNotifyFullChangeDirectory
FsRtlIsTotalDeviceFailure
ZwDeleteKey
SeImpersonateClientEx
RtlEqualLuid
ZwOpenEvent
WRITE_REGISTER_USHORT
RtlTraceDatabaseDestroy
FsRtlDeleteKeyFromTunnelCache
RtlIsValidOemCharacter
SeRegisterLogonSessionTerminatedRoutine
PsJobType
FsRtlDoesDbcsContainWildCards
KefAcquireSpinLockAtDpcLevel
RtlIsRangeAvailable
strchr
ZwQueryValueKey
_aullrem
FsRtlIsDbcsInExpression
HalPrivateDispatchTable
KeI386AllocateGdtSelectors
RtlLargeIntegerDivide
PfxRemovePrefix
KeInitializeDpc
KeInitializeInterrupt
ZwWriteFile
PoRegisterSystemState
ObCreateObject
RtlAddRange
KeQueryInterruptTime
FsRtlIsNtstatusExpected
ZwSetSystemTime
IoCreateSymbolicLink
ObInsertObject
IoGetBaseFileSystemDeviceObject
LsaFreeReturnBuffer
NtQuerySecurityObject
PoRegisterDeviceNotify
IoRegisterFsRegistrationChange
ExAcquireSharedWaitForExclusive
LsaCallAuthenticationPackage
ProbeForWrite
MmGetPhysicalAddress

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a582455a034aa5fa29319c478554090

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 512B - Virtual size: 484B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 512B - Virtual size: 484B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 402KB - Virtual size: 401KB