b1acf7358b6e5542e772e7dd35da5280_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1acf7358b6e5542e772e7dd35da5280_JaffaCakes118
Size

35KB
MD5

b1acf7358b6e5542e772e7dd35da5280
SHA1

1eb5b0091563442fa8905808f4c45e3641072e78
SHA256

599e630184c3bda6cae623da71eba25e17854d7dd11ab0069abc63fde4d53786
SHA512

4d1ab78b8c892146186236d030c066ec5632fe66e2e74ae45913735d31ad4e12671e8645428354bb16ca9b42eed2c0c5b44f6e13a214ab28bb4511e3cd6ee7d8
SSDEEP

768:r6g1TMTaIyD47LHS84pOz9UkJFaatHNmT:9MTauukfR0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1acf7358b6e5542e772e7dd35da5280_JaffaCakes118

Files

b1acf7358b6e5542e772e7dd35da5280_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
sprintf
ExAcquireResourceSharedLite
ExReleaseResourceLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
vsprintf
KeLeaveCriticalRegion
ZwCreateFile
RtlInitUnicodeString
IoQueryVolumeInformation
IoAttachDeviceByPointer
ExInterlockedPushEntrySList
KeQuerySystemTime
ExInterlockedPopEntrySList
ProbeForWrite
KeClearEvent
_except_handler3
IoDeleteDevice
IoDetachDevice
ExQueueWorkItem
IofCompleteRequest
strstr
MmMapLockedPages
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
InterlockedIncrement
ExAllocatePoolWithTag
ExFreePool
ZwClose
ObReferenceObjectByHandle
_strlwr

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 2KB