b0ce209df954db96ab744a7a88b129cf_JaffaCakes118

General

Target

b0ce209df954db96ab744a7a88b129cf_JaffaCakes118
Size

32KB
MD5

b0ce209df954db96ab744a7a88b129cf
SHA1

b9122ae1c21d47d64e5c966b77368bf0a35c5162
SHA256

79a9cec6950cead075deb4d56d5f7640146ca4da300368e6acb8ba7170db8f89
SHA512

acd2ef2e5931999e81c703cd42d11a8d22c40edfbbab9fb3dbd89e3377c2fc33ad2b3a95ce9216d72a860c6d71a45270ecf0365f4ed4794d3e5ace73eb9dcab3
SSDEEP

384:/2+3OI5LdSs/UJd8yvnJ/X8KgLcQumUOeiADwdAenHxFxQBB2Ir+ZB7arkE:+85JSs/tyR/Revx8wjnHx/QBpU7ar/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0ce209df954db96ab744a7a88b129cf_JaffaCakes118

Files

b0ce209df954db96ab744a7a88b129cf_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
KeGetCurrentThread
PsSetCreateProcessNotifyRoutine
SeSinglePrivilegeCheck
ZwDisplayString
IoAttachDeviceByPointer
KeCancelTimer
ZwCreateTimer
IoGetDeviceObjectPointer
ZwSetInformationThread
IoRaiseHardError
IoReportResourceForDetection
KeWaitForSingleObject
KeSetTimer
wcsncmp
RtlCreateRegistryKey
RtlDeleteRegistryValue
KeInitializeDpc
_wcsnicmp
KeInitializeTimer
_strnicmp
RtlInitUnicodeString
RtlDeleteNoSplay
RtlAnsiStringToUnicodeString
_allmul
memset
MmRemovePhysicalMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress

Exports

Exports

__MmGetPhysicalMemoryRanges@0
___MmRemovePhysicalMemory@0

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datac
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b46d1fad992a4b483ed5a98b7dbb9967

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.datac Size: 1024B - Virtual size: 610B

.data Size: 512B - Virtual size: 400B

INIT Size: 1024B - Virtual size: 814B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 4KB - Virtual size: 3KB

.datac
Size: 1024B - Virtual size: 610B

.data
Size: 512B - Virtual size: 400B

INIT
Size: 1024B - Virtual size: 814B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 260B