a1c765585462a879038318305d708e23_JaffaCakes118

General

Target

a1c765585462a879038318305d708e23_JaffaCakes118
Size

741KB
MD5

a1c765585462a879038318305d708e23
SHA1

504b9a7faebd7aae418277b918e96d02044d85f8
SHA256

67156eda5667d77831b7356868bde3e32141fe229f0a2402382350234318174a
SHA512

31f6170b35278b96b6c9dc110b48001dc28cf866fa6edf7e6a908251e71b666a2f64936fe37bbc3b4c30333bdc9dba31cfaa4f7a1b7d44d7d6a5a05288bd468f
SSDEEP

12288:cNNBsinndUmku3PryXNUfgh2QIiYX6GB3B+sN3V2TUxs+ihU9UsIaZ4Sm9BZShDR:cNVT+Xegh2/N6GnxHijFaZ4NZSFysH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1c765585462a879038318305d708e23_JaffaCakes118

Files

a1c765585462a879038318305d708e23_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7df31347b0b2276e3cbe81858504e373

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeSetEvent
RtlCompareMemory
IoDeleteDevice
PoCallDriver
IoFreeIrp
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
KeClearEvent
ObReferenceObjectByHandle
IoCancelIrp
PoSetPowerState
KeReleaseSpinLockFromDpcLevel
PsCreateSystemThread
IoWMIWriteEvent
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
_vsnwprintf
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
MmMapIoSpace
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
RtlIntegerToUnicodeString
ExDeleteNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
MmUnlockPages
KeRemoveQueueDpc
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateDevice
_snprintf

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df31347b0b2276e3cbe81858504e373

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 512B - Virtual size: 210B

.data Size: 14KB - Virtual size: 14KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 388KB - Virtual size: 387KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 512B - Virtual size: 210B

.data
Size: 14KB - Virtual size: 14KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 388KB - Virtual size: 387KB