6909ba89465bad8f6d30a2271d3247b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6909ba89465bad8f6d30a2271d3247b3_JaffaCakes118
Size

822KB
MD5

6909ba89465bad8f6d30a2271d3247b3
SHA1

f853ae788dcea5a0213b9078a1e54fa11feb4c39
SHA256

89034eb676b083b63c0f60bcd03517e57e052a4d20754f4544a6eb497be3c962
SHA512

567322205c9dc3e2174a236dd97735e4a2edb9693cc761ddeeacafa634c21da40adfc84d1bd33b972288ed2362832ec73241e607f6abf8f99eaaea6eae57a251
SSDEEP

24576:j46B3qvry5t+EQJrio8qE0Vifp0sPQke0:j6G4tiuEGsm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6909ba89465bad8f6d30a2271d3247b3_JaffaCakes118

Files

6909ba89465bad8f6d30a2271d3247b3_JaffaCakes118
.sys windows:4 windows x86 arch:x86

b019bf91cde8feda327b42dc77900fd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
IoCreateDevice
ZwQueryInstallUILanguage
IoDeviceObjectType
MmRemovePhysicalMemory
RtlSetAllBits
RtlEmptyAtomTable
KeAcquireSpinLockAtDpcLevel
IoStopTimer
KeInitializeDeviceQueue
NtSetSecurityObject
RtlTraceDatabaseDestroy
IoSetFileOrigin
RtlIntegerToUnicodeString
ZwDisplayString
NtSetInformationProcess
NtQuerySystemInformation
PsCreateSystemThread
KeQueryTickCount
IoQueryVolumeInformation
FsRtlMdlReadDev
RtlFindFirstRunClear
MmLockPagableDataSection
IoCreateSymbolicLink
RtlUpcaseUnicodeStringToAnsiString
FsRtlInitializeFileLock
SeCreateClientSecurityFromSubjectContext
MmGrowKernelStack
MmUnlockPagableImageSection
MmGetVirtualForPhysical
CcSetReadAheadGranularity
RtlFindMessage
InbvResetDisplay
SeSetSecurityDescriptorInfo
ZwOpenThread
MmMapLockedPages
FsRtlAllocatePool
IoCreateDriver
islower
MmUnmapIoSpace
KeInsertByKeyDeviceQueue
READ_REGISTER_ULONG
FsRtlNotifyVolumeEvent
SeMarkLogonSessionForTerminationNotification
PsTerminateSystemThread
RtlEnlargedUnsignedMultiply
KeQueryPriorityThread
ZwQueryKey
MmFlushImageSection
ExRaiseHardError
_except_handler2
RtlCopySid
strcat
FsRtlCopyRead
HalDispatchTable
InterlockedIncrement
MmLockPagableImageSection
LdrEnumResources
strlen
RtlZeroMemory
NtReadFile
MmForceSectionClosed
RtlFindLastBackwardRunClear
ZwSetEaFile
strstr
MmBuildMdlForNonPagedPool
ExfInterlockedInsertTailList
FsRtlAreNamesEqual
FsRtlResetLargeMcb
CcCopyRead
KeGetCurrentThread
RtlMoveMemory
RtlAreAllAccessesGranted
IoDeleteDevice
Ke386SetIoAccessMap
rand
RtlFormatCurrentUserKeyPath

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b019bf91cde8feda327b42dc77900fd6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 385KB - Virtual size: 384KB

.rdata Size: 512B - Virtual size: 341B

.data Size: 14KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 419KB - Virtual size: 418KB

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 512B - Virtual size: 341B

.data
Size: 14KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 419KB - Virtual size: 418KB