7385e41a8f7fb61c648e79db7265ab94_JaffaCakes118

General

Target

7385e41a8f7fb61c648e79db7265ab94_JaffaCakes118
Size

26KB
MD5

7385e41a8f7fb61c648e79db7265ab94
SHA1

bc0fb5741fa6af3dedd5928e22f86a75399ed6e1
SHA256

1642db607f333569ff4b6172ac8a6ac475ea363acafd78a4b83a156f7014d220
SHA512

73d9f8e081980b45bf32bd12ca337707b6676f81b01effa1bbe596021830cbb1522c965077d1839f268163e6c03e72e5806ee35ccf5ecf8e772aa0e89668e9df
SSDEEP

384:Qloo1891yElzy0I51GpudrCoSixtgcZctIpOoEhIS:Qloe8yEZvu4UtvhHcmpOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7385e41a8f7fb61c648e79db7265ab94_JaffaCakes118

Files

7385e41a8f7fb61c648e79db7265ab94_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3477053deb8d489360fa9c63e48a547b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
_except_handler3
strncmp
IoGetCurrentProcess
ZwClose
ObfDereferenceObject
strncpy
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
RtlInitUnicodeString
IoDeleteDevice
IoDetachDevice
KeQuerySystemTime
ExQueueWorkItem
IofCompleteRequest
MmMapLockedPages
KeInitializeSpinLock
IoCreateSymbolicLink
vsprintf
NtBuildNumber
ExfInterlockedAddUlong
InterlockedIncrement
ExAllocatePoolWithTag
IoAttachDeviceByPointer
ExFreePool

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3477053deb8d489360fa9c63e48a547b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB