b0cf426ca64f5dc2bb76e9c383c200c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0cf426ca64f5dc2bb76e9c383c200c3_JaffaCakes118
Size

765KB
MD5

b0cf426ca64f5dc2bb76e9c383c200c3
SHA1

cbb6740ee93f38ad33ef3874c79dbcf64ba1c2f9
SHA256

a01380afc1f636c048576c2b52ddb82bb1b73957fb233d81a0154bae1c02b1e7
SHA512

84e8cbaa194881b49f53866b162e1dc938caaafdb69d25c1866c850e2936c37dab2e3e99816d31ac3e813c94f9edf71cf0bc0450364676a1c254b91f2f57d618
SSDEEP

12288:vj5FT4fTwwPyS5Hsh7ZaPmLSA2yLvRZ44OlIef6/Xu2xRmoyoZa8aboGiogD1UBv:vdmrxKyPmuA1LvTK1f622xRm2a8/CqUQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0cf426ca64f5dc2bb76e9c383c200c3_JaffaCakes118

Files

b0cf426ca64f5dc2bb76e9c383c200c3_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6cf0a8e762a261a378b9913ba14bc9c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoBuildSynchronousFsdRequest
RtlUnwind
ZwYieldExecution
KeI386ReleaseGdtSelectors
ZwSetTimer
LpcPortObjectType
ExDeleteResourceLite
wcscspn
_allshl
IoCreateDevice
NtDeleteAtom
MmLockPagableDataSection
KeInitializeMutex
ZwQueryInformationFile
RtlLargeIntegerShiftLeft
ExConvertExclusiveToSharedLite
RtlClearAllBits
MmMapLockedPagesSpecifyCache
InitSafeBootMode
KeSetKernelStackSwapEnable
RtlSecondsSince1980ToTime
RtlMultiByteToUnicodeN
_itow
ZwClearEvent
MmUnmapIoSpace
RtlIsRangeAvailable
RtlMultiByteToUnicodeSize
RtlSetSaclSecurityDescriptor
PsDisableImpersonation
PsGetProcessExitTime
PsGetCurrentProcessId
RtlDeleteRegistryValue
wcsspn
KeNumberProcessors
RtlFindRange
FsRtlGetFileSize
SePrivilegeCheck
NtWaitForSingleObject
strcmp
ExSetResourceOwnerPointer
RtlTraceDatabaseValidate
NtConnectPort
NtOpenProcess
SeSetAccessStateGenericMapping
ZwAdjustPrivilegesToken
NtOpenFile
isxdigit
IoCheckQuerySetVolumeInformation
RtlUpperChar
IoDriverObjectType
NtQueryInformationFile
PoRegisterDeviceForIdleDetection
PsEstablishWin32Callouts
InbvSolidColorFill
KeSetBasePriorityThread
ZwOpenSymbolicLinkObject
ExInterlockedPopEntrySList
PsAssignImpersonationToken
CcGetLsnForFileObject
RtlFindUnicodePrefix
KeSetEventBoostPriority
MmGetPhysicalAddress
FsRtlInitializeOplock
NlsMbOemCodePageTag
NtVdmControl
ZwSetDefaultUILanguage
KeSetTimer
RtlInsertElementGenericTable
NtQueryDirectoryFile
ZwConnectPort
IoSetFileOrigin
ZwLoadKey
ZwOpenEvent
RtlFindClearBits
SeAuditingFileEvents
RtlFindSetBits
KeInsertDeviceQueue
IoCreateSymbolicLink
FsRtlFastCheckLockForRead
KeProfileInterrupt
IoSetDeviceInterfaceState

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cf0a8e762a261a378b9913ba14bc9c8

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 1024B - Virtual size: 552B

.data Size: 9KB - Virtual size: 23KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 402KB - Virtual size: 401KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 1024B - Virtual size: 552B

.data
Size: 9KB - Virtual size: 23KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 402KB - Virtual size: 401KB