b0c35de2e3d50e05e51cf76482574f26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0c35de2e3d50e05e51cf76482574f26_JaffaCakes118
Size

184KB
MD5

b0c35de2e3d50e05e51cf76482574f26
SHA1

6eeb0603a1e9ffbc66b3320e9b488ebd490a218e
SHA256

b0220ea5ac08512f48949a5a69ce42419d6dd851fea523f208adbc5a2b32a997
SHA512

6f43156b3344aa3030da9050a693b83059066976b245c9b78474ea2305aaee6095d645f471257d8d3d5e7f886649fa09dfcd7640f0f49bfeac970e6914e106a5
SSDEEP

3072:Rb0DV40HMeHCRs31JB2OYHVdYup9btdOHVudX2OzWPmDDIk:QFH5JBHYH/fe4dX2QQyIk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0c35de2e3d50e05e51cf76482574f26_JaffaCakes118

Files

b0c35de2e3d50e05e51cf76482574f26_JaffaCakes118
.sys windows:5 windows x86 arch:x86

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

acpi.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
IoInvalidateDeviceRelations
InterlockedDecrement
strstr
IoGetAttachedDeviceReference
KeWaitForSingleObject
KeInitializeEvent
ExfInterlockedInsertTailList
IofCompleteRequest
ObReferenceObjectByPointer
RtlCompareMemory
PoRequestPowerIrp
ExQueueWorkItem
IoReleaseCancelSpinLock
InterlockedExchange
PoSetSystemState
ZwPowerInformation
PoStartNextPowerIrp
PoCallDriver
IoAcquireCancelSpinLock
PoSetPowerState
KdEnableDebugger
KdDisableDebugger
IofCallDriver
ExDeleteNPagedLookasideList
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoDetachDevice
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwClose
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetValueKey
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
ExfInterlockedCompareExchange64
InterlockedIncrement
ExCreateCallback
KeSetTimer
RtlGetNextRange
InterlockedCompareExchange
memmove
RtlFreeUnicodeString
RtlAddRange
RtlFreeRangeList
RtlEqualUnicodeString
HeadlessDispatch
IoRequestDeviceEject
PoShutdownBugCheck
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
RtlUnicodeStringToInteger
ZwEnumerateKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlFindLeastSignificantBit
IoWMIRegistrationControl
IoWMIWriteEvent
vsprintf
ObReferenceObjectByHandle
KeClearEvent
PsTerminateSystemThread
KeWaitForMultipleObjects
PsCreateSystemThread
wcslen
ObfReferenceObject
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeInsertQueueDpc
KeSetEvent
swprintf
sprintf
RtlCopyUnicodeString
KeQueryActiveProcessors
KeInitializeTimer
KeInitializeSpinLock
ExInitializeNPagedLookasideList
KefAcquireSpinLockAtDpcLevel
ExRegisterCallback
KefReleaseSpinLockFromDpcLevel
DbgBreakPoint
ExNotifyCallback
ExAllocatePool
MmMapIoSpace
MmUnmapIoSpace
DbgPrint
_vsnprintf
KeQueryInterruptTime
KeCancelTimer
ExfInterlockedRemoveHeadList
RtlDeleteOwnersRanges
RtlCopyRangeList
_aullrem
RtlDeleteRange
IoGetDeviceProperty
RtlInitializeRangeList
_wcsicmp
RtlFindRange
HalDispatchTable
ExAllocatePoolWithTag
ExFreePoolWithTag
KeBugCheckEx
KeInitializeDpc
RtlGetFirstRange
IoConnectInterrupt

hal

KeStallExecutionProcessor
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
HalSetBusDataByOffset
HalGetBusDataByOffset
KdComPortInUse
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_ULONG

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 10KB

PAGE Size: 39KB - Virtual size: 39KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 10KB

PAGE
Size: 39KB - Virtual size: 39KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 9KB