ad7e2a61baa8f9c3a8926c7b8ff07beb_JaffaCakes118

General

Target

ad7e2a61baa8f9c3a8926c7b8ff07beb_JaffaCakes118
Size

6KB
MD5

ad7e2a61baa8f9c3a8926c7b8ff07beb
SHA1

696d20f7cca9920c12de6c869184d25019c31df4
SHA256

f5ac5654a2f65794224d5213f791b40b3c37acff39cc962e3eb768b2980f6598
SHA512

d2486327ee717cf826fe00a4c1b5ca004191d56f8f9e890ebe91d8ffe615113f870b4b7ff5f65d218d0df480088d960dbec29bb5352cbed04cf2d3a7e18b5f96
SSDEEP

96:V8YKvKuY3KpudKQ/h36dUJjqHKG8Y76+LVEZ3to67i85:FVuY3KpyKmiUJjFWxEZ3to67J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad7e2a61baa8f9c3a8926c7b8ff07beb_JaffaCakes118

Files

ad7e2a61baa8f9c3a8926c7b8ff07beb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ea701a653a7c87fe7fa7b8d8392fdf37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ObOpenObjectByPointer
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
KeUnstackDetachProcess
KeStackAttachProcess
ObReferenceObjectByHandle
ProbeForRead
ProbeForWrite
_except_handler3
ZwQuerySymbolicLinkObject
ZwOpenSection
ZwMapViewOfSection
RtlConvertUlongToLargeInteger
ZwUnmapViewOfSection
IoDeleteDevice
IoCreateSymbolicLink
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
MmMapLockedPagesSpecifyCache
KeTickCount
ZwClose
RtlInitUnicodeString
ZwOpenSymbolicLinkObject
ZwCreateFile

hal

WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
READ_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_ULONG
HalTranslateBusAddress
WRITE_PORT_BUFFER_UCHAR

Sections

.text
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea701a653a7c87fe7fa7b8d8392fdf37

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 128B - Virtual size: 96B

.rdata Size: 512B - Virtual size: 420B

.data Size: 128B - Virtual size: 4B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 128B - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 128B - Virtual size: 4B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 388B