9754242614951143a50e97f50be95e09_JaffaCakes118

General

Target

9754242614951143a50e97f50be95e09_JaffaCakes118
Size

595KB
MD5

9754242614951143a50e97f50be95e09
SHA1

a5a65b66f76656b927e3426a2413bfcd24e3af56
SHA256

aaaae4ac94335de669dddcbfe050feb6f60d148089a3b5d1a49405579a88e840
SHA512

ae648c3f3e893c6ef7f9664a3f16564dc4a65886e7a55690b886fd5adc7ec1fab30bda4e9c9f0ebfb20b10a43f6e0b4cf7e2815a7c4cbe0545be1b67397f9fc1
SSDEEP

12288:RL3bjKydiD+B2plEkAa52UjH1wl5gaA1s60N4gdWX:tiUiBpikzjS5gNs6M9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9754242614951143a50e97f50be95e09_JaffaCakes118

Files

9754242614951143a50e97f50be95e09_JaffaCakes118
.sys windows:5 windows x86 arch:x86

afd452fc9df1e8ad32cd4696f7f4f563

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\programs\usbfixed\usbfixed\Release\i386\usbfixed.pdb

Imports

ntoskrnl.exe

_strnicmp
wcslen
IoGetCurrentProcess
wcsstr
ZwClose
ZwCreateFile
RtlInitUnicodeString
ZwReadFile
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryInformationFile
ZwSetInformationFile
ZwWriteFile
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
PsRemoveCreateThreadNotifyRoutine
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
IoFreeMdl
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
RtlWriteRegistryValue
RtlQueryRegistryValues
memmove
_wcsicmp
KeTickCount
KeBugCheckEx

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afd452fc9df1e8ad32cd4696f7f4f563

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 384B - Virtual size: 372B

.data Size: 581KB - Virtual size: 581KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 384B - Virtual size: 372B

.data
Size: 581KB - Virtual size: 581KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB