a2bacdaa288c66887779411df88bd00a_JaffaCakes118

General

Target

a2bacdaa288c66887779411df88bd00a_JaffaCakes118
Size

218KB
MD5

a2bacdaa288c66887779411df88bd00a
SHA1

0af44b134f1dd0a2b7507f329cf517ab9092cf6c
SHA256

c0450976efbb607fbe752193c57e0a8ba9367a935b55fc29d481e3b4fd0f1156
SHA512

b7a862a67b7d95e5075693945557a80553d80a300157b16808c72a2bac86db7a93010deda86f47aebc26b6580783104b52595c15028f46ff0d201cec4b4edc37
SSDEEP

3072:sM8+8MbJyZE+f69e/j0deBIiSBzZq/q+xLWLbnJbHp71trlF2D8k5RJMUL:Hx84teb0deu3zZq/q/DRbiJ1L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2bacdaa288c66887779411df88bd00a_JaffaCakes118

Files

a2bacdaa288c66887779411df88bd00a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

f537c231573afb90b912db16b6e2b394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscpy
ExFreePool
ZwQueryValueKey
ZwOpenKey
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
ZwCreateFile
wcscat
PsGetVersion
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
_stricmp
ZwUnmapViewOfSection
IoDeleteSymbolicLink
IofCompleteRequest
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeSetEvent
PsTerminateSystemThread
ZwAllocateVirtualMemory
ZwOpenProcess
KeClearEvent
IoCreateNotificationEvent
ObfDereferenceObject
PsLookupProcessByProcessId

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 608B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f537c231573afb90b912db16b6e2b394

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 384B - Virtual size: 380B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 608B - Virtual size: 584B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 384B - Virtual size: 380B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 608B - Virtual size: 584B