ab1f51b248e525526cf55dce83b7903a_JaffaCakes118

General

Target

ab1f51b248e525526cf55dce83b7903a_JaffaCakes118
Size

32KB
MD5

ab1f51b248e525526cf55dce83b7903a
SHA1

a89f8349cf1db29fd83119eba3c25593eca8da44
SHA256

aa6b16ed68c3c4318060c4147794f86a9468e552cba8e36bb3b9744a288baf09
SHA512

b069a5edb3a107199ec2335c65a75beaf5fa1d9bcaa6309c6075cc8181221942ee1b6fab95fe51b0028cba413e2f13018d78a771c63783611582366d5f7895a3
SSDEEP

384:+2+3OI5LdSs/UJD8yvnJlX8KgLcQumUOeiADYdAenOxFx1BBSIr+ZB7aLk4:j85JSs/3yRlRevx8YjnOx/1BFU7aLT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab1f51b248e525526cf55dce83b7903a_JaffaCakes118

Files

ab1f51b248e525526cf55dce83b7903a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
KeGetCurrentThread
PsSetCreateProcessNotifyRoutine
SeSinglePrivilegeCheck
ZwDisplayString
IoAttachDeviceByPointer
KeCancelTimer
ZwCreateTimer
IoGetDeviceObjectPointer
ZwSetInformationThread
IoRaiseHardError
IoReportResourceForDetection
KeWaitForSingleObject
KeSetTimer
wcsncmp
RtlCreateRegistryKey
RtlDeleteRegistryValue
KeInitializeDpc
_wcsnicmp
KeInitializeTimer
_strnicmp
RtlInitUnicodeString
RtlDeleteNoSplay
RtlAnsiStringToUnicodeString
_allmul
memset
MmRemovePhysicalMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress

Exports

Exports

__MmGetPhysicalMemoryRanges@0
___MmRemovePhysicalMemory@0

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datac
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.datac Size: 1024B - Virtual size: 610B

.data Size: 512B - Virtual size: 400B

INIT Size: 1024B - Virtual size: 814B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 4KB - Virtual size: 3KB

.datac
Size: 1024B - Virtual size: 610B

.data
Size: 512B - Virtual size: 400B

INIT
Size: 1024B - Virtual size: 814B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 260B