82632af0aa8f564516c9011e22a1e1d3_JaffaCakes118

General

Target

82632af0aa8f564516c9011e22a1e1d3_JaffaCakes118
Size

41KB
MD5

82632af0aa8f564516c9011e22a1e1d3
SHA1

e75e643b73335917a4f11522324a63c5d63c00cd
SHA256

71cb09b18b98b3efd28fc6c44ce69254286a658485d4302449c9dbf842726fc5
SHA512

ff2af0f0c28b535196678a9a169317b816e0e9b98cb9819e768fc29762e22df48858745fe670c1358431563c858a85750e147c0af8e00731d32dd3f07cb33c3e
SSDEEP

768:yDa1olghpwF8Dnnyw8O3sQ7dNy+49DMnatsWS/3EXJUrIIfJp:yDCog++nN8O3H7dNyfAa+WSWC3p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82632af0aa8f564516c9011e22a1e1d3_JaffaCakes118

Files

82632af0aa8f564516c9011e22a1e1d3_JaffaCakes118
.sys windows:5 windows x86 arch:x86

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlUpcaseUnicodeString
IoBuildSynchronousFsdRequest
RtlCompareString
ExAllocatePool
RtlPrefixUnicodeString
RtlUpperString
IofCallDriver
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
PoUnregisterSystemState
KeSetEvent
IoVerifyPartitionTable
KeInitializeEvent
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
PoRequestPowerIrp
ZwSetInformationFile
ZwUnloadDriver
PoSetPowerState
ZwMakeTemporaryObject
PoStartNextPowerIrp
ZwEnumerateValueKey
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwFlushKey
IoSetPartitionInformationEx
ZwCancelTimer
PoCallDriver
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_CreateCompressedBuffer@0
_WriteCompressedBuffer@4

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 413B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 230B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 413B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 230B