b89361a6a964d87f6d7184f7c849cfa0_JaffaCakes118

General

Target

b89361a6a964d87f6d7184f7c849cfa0_JaffaCakes118
Size

31KB
MD5

b89361a6a964d87f6d7184f7c849cfa0
SHA1

f6f962a7db0b3306dbda3f6670462b20ccb83eb0
SHA256

2e7ac4594665ca6348cf6b0bb22709bd98a8e4cab1b5b7a4fdece389c11fbcb3
SHA512

387c92effaeebff9941e1f58b04a1552db8c1f75f018a5e1b5198f5692babfa1a79827e521100d3e9bc84cdc2cac4f7826effd73d466259b0d3619afcbf9ace9
SSDEEP

768:dVLnOiQcv2Kk1vmPKAF+17FrC3UeoSEXb:LRQbPmjF+FF3nSOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b89361a6a964d87f6d7184f7c849cfa0_JaffaCakes118

Files

b89361a6a964d87f6d7184f7c849cfa0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6e1a42f9e3d9025b304e30bb1c307069

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
IoAllocateDriverObjectExtension
IoAllocateIrp
PsGetCurrentProcessId
ZwPowerInformation
IoDeleteController
KeCancelTimer
ZwOpenTimer
IoGetDeviceObjectPointer
ZwTerminateProcess
IoRaiseInformationalHardError
RtlPrefixUnicodeString
KeWaitForSingleObject
RtlExtendedIntegerMultiply
RtlGUIDFromString
KeInitializeDpc
wcsspn
KeInitializeTimer
RtlTimeFieldsToTime
wcsncpy
RtlInitUnicodeString
RtlSubtreePredecessor
RtlAnsiStringToUnicodeString
_stricmp
wcsrchr
_wcslwr
_allmul
memset
MmRemovePhysicalMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress

Exports

Exports

__ExReleaseFastMutex@8
__ExTryToAcquireFastMutex@0

Sections

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e1a42f9e3d9025b304e30bb1c307069

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.itext Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 352B

.edata Size: 512B - Virtual size: 126B

INIT Size: 1024B - Virtual size: 844B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 282B

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 352B

.edata
Size: 512B - Virtual size: 126B

INIT
Size: 1024B - Virtual size: 844B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 282B