828ba3e248ae448a12b2235e0f653e32_JaffaCakes118

General

Target

828ba3e248ae448a12b2235e0f653e32_JaffaCakes118
Size

740KB
MD5

828ba3e248ae448a12b2235e0f653e32
SHA1

7a494f486df70d277125416ae11d6cccb76d91c3
SHA256

0d9d5e59f8d03a2c3cf87dfc3c6ec47ff1198a4c9f85df32c0071e1e81e8d11b
SHA512

29f159f1030cfd4b832cd4f88a6c236cc8afea01a6b5e150d711d3a685107eac20ba118468392704a219c553639346ade97f72ad17bdc334bc1062a32fce1c76
SSDEEP

12288:5sWOrTVdH8jxfurbEl8ZI2xbra56AMyYy5+ie92JgZGqSsJPCuQ+:5ATV1816AyZPra3uy5+T922Q+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828ba3e248ae448a12b2235e0f653e32_JaffaCakes118

Files

828ba3e248ae448a12b2235e0f653e32_JaffaCakes118
.sys windows:4 windows x86 arch:x86

fca803e8b5a686a8af144478578ee3ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPagesSpecifyCache
MmUnmapViewInSystemSpace
IoCreateSymbolicLink
MmGetSystemRoutineAddress
MmGetPhysicalMemoryRanges
MmAllocateContiguousMemory
CcUnpinDataForThread
NtQueryInformationToken
ZwFlushVirtualMemory
MmMapLockedPages
RtlLargeIntegerAdd
ZwYieldExecution
IoAllocateMdl
RtlMultiByteToUnicodeN
ZwCloseObjectAuditAlarm
Exfi386InterlockedDecrementLong
PsInitialSystemProcess
KeInsertQueueDpc
ZwDeleteValueKey
FsRtlCheckLockForWriteAccess
KeProfileInterrupt
SeAssignSecurityEx
KeSetProfileIrql
ZwSetSecurityObject
IoGetDeviceInterfaces
KeFindConfigurationNextEntry
KeInitializeEvent
FsRtlNumberOfRunsInLargeMcb
IoDeleteDevice
ObfReferenceObject
RtlUpcaseUnicodeStringToOemString
PsThreadType
IoCreateDevice
_aulldiv
FsRtlResetLargeMcb
IoReportResourceUsage
ZwQueryValueKey
swprintf
RtlDeleteRegistryValue
RtlEnlargedUnsignedMultiply
PsJobType
MmAllocateContiguousMemorySpecifyCache
RtlClearBits
PoSetSystemState
ZwDeleteFile
ObCheckCreateObjectAccess
ExNotifyCallback
PsDisableImpersonation
RtlNextUnicodePrefix
MmQuerySystemSize
CcPreparePinWrite
KeLoaderBlock
ZwUnloadKey
ExDeleteNPagedLookasideList
_aullshr
RtlAbsoluteToSelfRelativeSD

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fca803e8b5a686a8af144478578ee3ae

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 512B - Virtual size: 269B

.data Size: 12KB - Virtual size: 26KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 392KB - Virtual size: 391KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 512B - Virtual size: 269B

.data
Size: 12KB - Virtual size: 26KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 392KB - Virtual size: 391KB