a28f73c1d8016d0f75758b47290f98f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a28f73c1d8016d0f75758b47290f98f2_JaffaCakes118
Size

120KB
MD5

a28f73c1d8016d0f75758b47290f98f2
SHA1

eae444014648fc630d89d38c02977a5c880fb6aa
SHA256

b48e2b40f9c32b321c34394c6e9b172351b9a310bb73993a42781ac0b863217a
SHA512

ad58b9e5bf4870bfe2227676f30724c3715de013ec904f3506eb19b8658d6a35b9115324e67f9a0ff1b5d85ed28b234e24119a0e7645c63f0de083a8f7c35887
SSDEEP

3072:N3BvWlsNs1KvM6iILkgC0+LJ0hEXBMTYig:Nxv8Jh6iKZt+LJ0heWYi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a28f73c1d8016d0f75758b47290f98f2_JaffaCakes118

Files

a28f73c1d8016d0f75758b47290f98f2_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fe4d2535ca21da883b456f0e22400d67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoDeleteDevice
KeSetEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
IoCreateDevice
RtlFreeUnicodeString
PsCreateSystemThread
KeInitializeSpinLock
KeQuerySystemTime
strncpy
strncmp
MmIsAddressValid
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
KeInitializeEvent
KeDelayExecutionThread
ZwQueryInformationFile
ZwWriteFile
ZwReadFile
ZwCreateFile
ZwClose
RtlImageDirectoryEntryToData
ExAllocatePool
ExFreePool
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwOpenDirectoryObject
ZwQueryValueKey
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
toupper
isspace
RtlAnsiStringToUnicodeString
tolower
ZwQuerySystemInformation
strstr
memcpy
memset
_except_handler3
_allrem

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

1t@7ntI`
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

\gcKaeMW
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3o-NoJ?S
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Se+(q<ha
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

^k&xb/?Y
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

41&K)Jk
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

+bVs\sx`
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6DJI*EN^
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe4d2535ca21da883b456f0e22400d67

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

1t@7ntI` Size: - Virtual size: 133KB

\gcKaeMW Size: - Virtual size: 18KB

3o-NoJ?S Size: - Virtual size: 25KB

Se+(q<ha Size: - Virtual size: 1KB

^k&xb/?Y Size: - Virtual size: 8KB

41&K)Jk Size: - Virtual size: 7KB

+bVs\sx` Size: 118KB - Virtual size: 118KB

6DJI*EN^ Size: 512B - Virtual size: 48B

1t@7ntI`
Size: - Virtual size: 133KB

\gcKaeMW
Size: - Virtual size: 18KB

3o-NoJ?S
Size: - Virtual size: 25KB

Se+(q<ha
Size: - Virtual size: 1KB

^k&xb/?Y
Size: - Virtual size: 8KB

41&K)Jk
Size: - Virtual size: 7KB

+bVs\sx`
Size: 118KB - Virtual size: 118KB

6DJI*EN^
Size: 512B - Virtual size: 48B