84e9bd67294b7f87fbf4125911b5f36f_JaffaCakes118

General

Target

84e9bd67294b7f87fbf4125911b5f36f_JaffaCakes118
Size

41KB
MD5

84e9bd67294b7f87fbf4125911b5f36f
SHA1

d6317d834ccc77c7562c08db8516b6ecfdd4decb
SHA256

5953ffaeec0699b74870403c687d3e361c7b973511e4879d608f0a9178b44101
SHA512

bad19fe79332432fd1e887241f3340cd134090c62b2276dab2dbd4f1205007a0227b83a53f947d2bbc5fe22b596f865a5e7afa6a8d45ce77106b8f37593a9598
SSDEEP

768:8DahonlgYg56x6nb+ON1t8E+yM8mp3UQQ72wgIcANub8MrlTuhE:8D+oVjxKqOZ8E+FEQQ7PJhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84e9bd67294b7f87fbf4125911b5f36f_JaffaCakes118

Files

84e9bd67294b7f87fbf4125911b5f36f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlUpcaseUnicodeString
IoBuildSynchronousFsdRequest
RtlCompareString
ExAllocatePool
RtlPrefixUnicodeString
RtlUpperString
IofCallDriver
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
PoUnregisterSystemState
KeSetEvent
IoVerifyPartitionTable
KeInitializeEvent
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
PoRequestPowerIrp
ZwSetInformationFile
ZwUnloadDriver
PoSetPowerState
ZwMakeTemporaryObject
PoStartNextPowerIrp
ZwEnumerateValueKey
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwFlushKey
IoSetPartitionInformationEx
ZwCancelTimer
PoCallDriver
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_CreateCompressedBuffer@0
_WriteCompressedBuffer@4

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 413B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 230B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 413B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 230B