b89ba6e53b9584de1f156e2ae8bd4943_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b89ba6e53b9584de1f156e2ae8bd4943_JaffaCakes118
Size

63KB
MD5

b89ba6e53b9584de1f156e2ae8bd4943
SHA1

1a5e6b54bed45f4954f05b6ef0b0f0acacdaa016
SHA256

443a4b3529404036acbed424ebbe178acc718f145d94914f2c6b4d3bdc36dc69
SHA512

13e7ffcf31d711b204daf0feab09a96970b519612f49f3e4d0ed38dbb18269d82cd63417e6e4c196a0a3bbc5d5296633c58a80f3f1817c04806d1d9317141918
SSDEEP

768:GC3lkPCRVKlnBQAjUyGe2Go+Z7JSYdpqnN6kvXxAi:GniVQBQAYg2GbZz6XWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b89ba6e53b9584de1f156e2ae8bd4943_JaffaCakes118

Files

b89ba6e53b9584de1f156e2ae8bd4943_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e2b945278bde482d9977d3309a691742

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SRC\Z32\ZSTAR_OK14\Free\Z32NT.pdb

Imports

ntoskrnl.exe

KeDelayExecutionThread
IofCompleteRequest
DbgBreakPoint
RtlInitUnicodeString
KeSetEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ZwCreateFile
wcscat
wcschr
wcscpy
wcslen
ZwReadFile
ZwWriteFile
ZwSetInformationFile
memchr
ZwQueryInformationFile
ZwClose
swprintf
strchr
RtlCharToInteger
_strupr
IoReportResourceUsage
RtlQueryRegistryValues
wcsrchr
wcsstr
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
KeServiceDescriptorTable
RtlCompareMemory
NtOpenFile
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
strrchr
sprintf
_wcsupr
ZwEnumerateValueKey
KeI386SetGdtSelector
RtlInitAnsiString
KeI386AllocateGdtSelectors
ExSetTimerResolution
KeCancelTimer
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
KeWaitForSingleObject
PsTerminateSystemThread
KeSetPriorityThread
IoUnregisterShutdownNotification
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
RtlIntegerToUnicodeString
IoRegisterShutdownNotification
KeInitializeSpinLock
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeToString
RtlCopyUnicodeString
IoCreateNotificationEvent
KeSynchronizeExecution
IoConnectInterrupt
IoDisconnectInterrupt
MmMapLockedPagesSpecifyCache
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlGetVersion
PsGetVersion
RtlWriteRegistryValue
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
ZwOpenFile
_wcsicmp
RtlTimeFieldsToTime
KeBugCheck
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmMapLockedPages
KeGetCurrentThread
MmUnmapLockedPages
IoFreeMdl
MmUnmapIoSpace
MmGetPhysicalAddress
MmMapIoSpace
IoQueryDeviceDescription
ExAllocatePoolWithTag
ExFreePoolWithTag
KeI386ReleaseGdtSelectors
wcscmp

hal

KfLowerIrql
HalQueryRealTimeClock
HalSetRealTimeClock
HalAssignSlotResources
HalGetBusData
KfRaiseIrql
HalTranslateBusAddress
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
HalGetInterruptVector

ks.sys

KsLoadResource

Sections

init
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 640B - Virtual size: 635B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2b945278bde482d9977d3309a691742

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ks.sys

Sections

init Size: 1KB - Virtual size: 1KB

.text Size: 16KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 12KB

PAGELK Size: 640B - Virtual size: 635B

INIT Size: 8KB - Virtual size: 8KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 2KB

init
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 12KB

PAGELK
Size: 640B - Virtual size: 635B

INIT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 2KB