70304c1402cc48ee19b1629bc7e8bfc7_JaffaCakes118

General

Target

70304c1402cc48ee19b1629bc7e8bfc7_JaffaCakes118
Size

31KB
MD5

70304c1402cc48ee19b1629bc7e8bfc7
SHA1

d9381ec81aca1d77b0b8763c90805bf5581b3589
SHA256

d8436ab5bae37301ee8433ef5fa390a428cdb2d8fa22f0752ae21d622bded76c
SHA512

b1eccf745ef14d39b2dfe1626d208208f85dcd4600607e531350350536612fb89ecc2f300c031be4320f1bc76708f42dd14da2e01e91cafb40c1d1f084d74bc1
SSDEEP

384:e2+3OI5LdSs/UJh8yvnbX82NLcQumUEeiAqbdAenZxFx1BB/Ir+ZB7aKks:D85JSs/lyT75vXpbjnZx/1BSU7aKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70304c1402cc48ee19b1629bc7e8bfc7_JaffaCakes118

Files

70304c1402cc48ee19b1629bc7e8bfc7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
KeGetCurrentThread
PsSetCreateProcessNotifyRoutine
SeSinglePrivilegeCheck
ZwDisplayString
IoAttachDeviceByPointer
KeCancelTimer
ZwCreateTimer
IoGetDeviceObjectPointer
ZwSetInformationThread
IoRaiseHardError
IoReportResourceForDetection
KeWaitForSingleObject
KeSetTimer
wcsncmp
RtlCreateRegistryKey
RtlDeleteRegistryValue
KeInitializeDpc
_wcsnicmp
KeInitializeTimer
_strnicmp
RtlInitUnicodeString
RtlDeleteNoSplay
RtlAnsiStringToUnicodeString
_allmul
memset
MmRemovePhysicalMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress

Exports

Exports

__MmGetPhysicalMemoryRanges@0
___MmRemovePhysicalMemory@0

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datac
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.datac Size: 1024B - Virtual size: 610B

.data Size: 512B - Virtual size: 400B

INIT Size: 1024B - Virtual size: 814B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 4KB - Virtual size: 3KB

.datac
Size: 1024B - Virtual size: 610B

.data
Size: 512B - Virtual size: 400B

INIT
Size: 1024B - Virtual size: 814B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 260B