69f00f4adbedc52f3ffdeffe9cc84a30_JaffaCakes118

General

Target

69f00f4adbedc52f3ffdeffe9cc84a30_JaffaCakes118
Size

746KB
MD5

69f00f4adbedc52f3ffdeffe9cc84a30
SHA1

77642d1060a89a49515560236ba9408a42b37589
SHA256

8f135289e5b0e35fe156c671f8484380eebbc46a9ed70372209544402508db67
SHA512

f43a48c2f287bb937f16cec31c8f97e11c6f7bd3b17c4e929a243c4f8303267c394d24323aeff9adf1ae48530a34be5432a48e4637d614779bb4306ccef03608
SSDEEP

12288:Ope9blAjrxFwlqOfUGXs9ldhfowpzrLoAcfOuuz5rZAkBz3y6S5p3xMCXVNyG6v3:OpCbYwlqOfUNldhfo+PE6uuz5Vy6nCXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69f00f4adbedc52f3ffdeffe9cc84a30_JaffaCakes118

Files

69f00f4adbedc52f3ffdeffe9cc84a30_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6d3bbeb02740ba68d0d11605b729af5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeBugCheckEx
KeInitializeEvent
KeSetEvent
IofCallDriver
ZwClose
RtlCompareMemory
IoDeleteDevice
ZwQueryValueKey
PoCallDriver
ObfDereferenceObject
PoStartNextPowerIrp
IoDetachDevice
RtlFreeUnicodeString
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
ExFreePool
IoQueueWorkItem
KeInitializeTimer
IoFreeWorkItem
KeDelayExecutionThread
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
PoSetPowerState
IoRegisterDeviceInterface
ZwSetValueKey
KeReleaseSpinLockFromDpcLevel
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
IoWMIWriteEvent
DbgPrint
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
MmUnmapIoSpace
KeResetEvent
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
KeQueryTimeIncrement
KeReleaseMutex
IoReleaseRemoveLockAndWaitEx
_vsnprintf
IoGetAttachedDeviceReference
ExDeleteNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
IoInvalidateDeviceRelations
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExFreePoolWithTag

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d3bbeb02740ba68d0d11605b729af5e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 512B - Virtual size: 228B

.data Size: 16KB - Virtual size: 15KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 512B - Virtual size: 228B

.data
Size: 16KB - Virtual size: 15KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB