68ff2d2ca1d0d968df7ba17571c328ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68ff2d2ca1d0d968df7ba17571c328ce_JaffaCakes118
Size

86KB
MD5

68ff2d2ca1d0d968df7ba17571c328ce
SHA1

4affcba3356777628ba6d7523839a52ce3c1c4b2
SHA256

b5b216f0f5d6f82c97dfdbc7a6945ed3bb07bafd851a2eeaa2dd0eb7132961c5
SHA512

3d7c13aaf80fe98051c34811a6d3493980071d28937e6a2fb14e4d3f70b382c8c2c335b21ac08ae3265b48fb5b6210d5aa5212baff57527a006aa36f01605fdb
SSDEEP

1536:XnKKUBKB+HeL5porREVxCEhlNpu+34OHGJ1R0QiFWlNGMdSLqiCPmy1TXBNKeo:XnKKXB+Ho5porRExA+3W09FaGiqEP71M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68ff2d2ca1d0d968df7ba17571c328ce_JaffaCakes118

Files

68ff2d2ca1d0d968df7ba17571c328ce_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0c196a39e49448eec56c97b88e655f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlLengthSecurityDescriptor
ObFindHandleForObject
RtlCompareUnicodeString
MmUnmapViewInSystemSpace
RtlInitString
RtlImageNtHeader
RtlFreeUnicodeString
KeRemoveQueue
MmIsAddressValid
IoRegisterShutdownNotification
ZwMapViewOfSection
ExAllocatePool
RtlAnsiStringToUnicodeString
memcpy
LsaLogonUser
MmUnmapViewOfSection
ObOpenObjectByName
CcPreparePinWrite
ZwCreateSection
ZwCreateFile
ExFreePool
ZwOpenFile

classpnp.sys

ClassWmiCompleteRequest
ClassSetMediaChangeState
ClassReadDriveCapacity
ClassCompleteRequest
ClassDeleteSrbLookasideList
ClassGetDescriptor
ClassModeSense
ClassNotifyFailurePredicted
ClassWmiFireEvent
ClassSpinDownPowerHandler
ClassEnableMediaChangeDetection
ClassSendIrpSynchronous
ClassMarkChildrenMissing
ClassGetVpb
ClassClaimDevice
ClassGetDriverExtension
ClassMarkChildMissing
ClassInternalIoControl

hal

HalAssignSlotResources
HalAllocateCommonBuffer
KeLowerIrql
HalSetRealTimeClock
HalAdjustResourceList
READ_PORT_BUFFER_USHORT
HalTranslateBusAddress
KeAcquireQueuedSpinLockRaiseToSynch
KfReleaseSpinLock
HalProcessorIdle
KeAcquireSpinLockRaiseToSynch

Exports

Exports

JcQtnpVais
SwIrjkfrLwmtgZkpeiMa
GcatmyVkuozRao
SskmwcoMlvi
FzfexnhNbdmoxZzzgqPns

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c196a39e49448eec56c97b88e655f5c

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 37KB - Virtual size: 112KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 37KB - Virtual size: 112KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 56B