63702d104ddc3469f97621f2534c2e6e_JaffaCakes118

General

Target

63702d104ddc3469f97621f2534c2e6e_JaffaCakes118
Size

721KB
MD5

63702d104ddc3469f97621f2534c2e6e
SHA1

6727a36e4df8192fea635b01417fef3264d82071
SHA256

73a343dd97d3f6dd76f45df4cbfcac178a6f8427fef4c2c691b4553993e285af
SHA512

e35e655423f4841be0b976f39f448d017a5c1f3558b76bb81633929e027db596af41a79bc8425fb2af9460417feb462639cf135c4495fa44027bfbdf05ce5dd1
SSDEEP

12288:tLS4cAr3iIM9W7Bb63p3r5cK951GtXr9wm2iRMOI1QVDNvXQXtc+W7mQ/DiXGg+P:tLSZHPc7Bb01GT6ZQdN/6c+W7mLv+ap+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63702d104ddc3469f97621f2534c2e6e_JaffaCakes118

Files

63702d104ddc3469f97621f2534c2e6e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6d2dda3c068c2791656d726c948f2b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAllocatePoolWithTag
KeWaitForSingleObject
KeInitializeEvent
IofCompleteRequest
ExFreePoolWithTag
PoStartNextPowerIrp
RtlFreeUnicodeString
KeInitializeDpc
ZwOpenKey
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoQueueWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
IoCancelIrp
PoSetPowerState
MmGetSystemRoutineAddress
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
IoReleaseCancelSpinLock
IoWMIWriteEvent
IoAllocateErrorLogEntry
MmUnmapIoSpace
IoAcquireRemoveLockEx
KeResetEvent
RtlAppendUnicodeToString
MmMapIoSpace
IoReleaseRemoveLockEx
KeQueryTimeIncrement
KeInitializeMutex
IoCreateSymbolicLink
RtlIntegerToUnicodeString
KeSetTimerEx
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoConnectInterrupt
RtlWriteRegistryValue
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeRemoveQueueDpc
IoGetDeviceObjectPointer
ZwQuerySystemInformation

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d2dda3c068c2791656d726c948f2b50

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 512B - Virtual size: 196B

.data Size: 14KB - Virtual size: 13KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 385KB - Virtual size: 385KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 512B - Virtual size: 196B

.data
Size: 14KB - Virtual size: 13KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 385KB - Virtual size: 385KB