8dfde4c6a5f48b50541d9239550adb7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8dfde4c6a5f48b50541d9239550adb7e_JaffaCakes118
Size

742KB
MD5

8dfde4c6a5f48b50541d9239550adb7e
SHA1

d6a9f30029b1d4b83f306d9a6b49769ead06c69c
SHA256

1fc3b26726b65ad267fa8e5ecd8ae9975abcb85fe630fd1af7fd291b8fe8d472
SHA512

f06afabc711a2067735a56ec1b16d161b131c4f69db0e4794634e8f664be79fa014014be590f54c29a193761ee648d7ac6d5dfa3152b011349eb5ad1f792feaf
SSDEEP

12288:BHst8tmeA81KAyoT/SVyUPJpITyMf+2nm2+Gk+3+D/ooAw1c9Ope9aFjdv64qRb0:BM3h81K3XVyU3ITD+2nm1DSCe9aFjdvT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dfde4c6a5f48b50541d9239550adb7e_JaffaCakes118

Files

8dfde4c6a5f48b50541d9239550adb7e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

5ea030c4b0a15993c7d60932af80b561

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
IofCompleteRequest
ExFreePoolWithTag
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
IoFreeIrp
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
IoAllocateIrp
MmMapLockedPagesSpecifyCache
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
IoFreeMdl
ExFreePool
KeInitializeTimer
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeSetTimer
PoSetPowerState
PsCreateSystemThread
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
RtlInitAnsiString
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
ObfReferenceObject
IoReleaseRemoveLockEx
ZwCreateKey
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoDisconnectInterrupt
IoConnectInterrupt
RtlWriteRegistryValue
IoGetDmaAdapter
MmUnlockPages
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExAllocatePoolWithTag
RtlInitUnicodeString
_snprintf

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ea030c4b0a15993c7d60932af80b561

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 512B - Virtual size: 304B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 388KB - Virtual size: 387KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 512B - Virtual size: 304B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 388KB - Virtual size: 387KB