bd9ee6fce2653346ce823f5098833fb1_JaffaCakes118

General

Target

bd9ee6fce2653346ce823f5098833fb1_JaffaCakes118
Size

22KB
MD5

bd9ee6fce2653346ce823f5098833fb1
SHA1

8c8900c1c1235eaac769cac5cee7a9d996319f22
SHA256

fc44d7df2e3c28d3a81baa8a8d10096604bfde24d5f25edb982d9591c8af33ab
SHA512

975ae22131a78f0f68dc6723b353682424ac8cfff405789334c7152ceb2c40264ec38251db9485b128ad4f85e5bf79436c647949e7226cefe2c4297b3be8feff
SSDEEP

384:3lDUAQz3B8Y+HS9OuQvjLRep6lRcIxYL76+j+mgmIkpJnXKU2Ym:VaR8PHcOT7Ve+RbM6wwPkpJnXKU2Ym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd9ee6fce2653346ce823f5098833fb1_JaffaCakes118

Files

bd9ee6fce2653346ce823f5098833fb1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

4141d6381fa2a6513e4b20e7459d087b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlDeleteRange
KeIsExecutingDpc
MmUnmapViewOfSection
KeAcquireSpinLockAtDpcLevel
ZwQueryDefaultLocale
ZwQueryInformationFile
DbgPrint
ExInitializePagedLookasideList
ExInterlockedInsertTailList
FsRtlUninitializeLargeMcb
NtSetQuotaInformationFile
wcsncmp
CcPrepareMdlWrite
ExFreePool
KefReleaseSpinLockFromDpcLevel
IoAttachDeviceToDeviceStack
KeReleaseMutex
_wcsicmp
ExAllocatePool
mbtowc
ZwDeleteValueKey
ZwQueryInformationProcess
RtlLookupElementGenericTableFull
CcSetLogHandleForFile
FsRtlCopyWrite
ExInterlockedAddLargeInteger
PsGetVersion

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ILIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_MEM_READ

.bac
Size: 512B - Virtual size: 260B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab
Size: 512B - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4141d6381fa2a6513e4b20e7459d087b

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

ILIT Size: 1024B - Virtual size: 614B

.bac Size: 512B - Virtual size: 260B

.cab Size: 512B - Virtual size: 52B

.data Size: 512B - Virtual size: 340B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 26B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

ILIT
Size: 1024B - Virtual size: 614B

.bac
Size: 512B - Virtual size: 260B

.cab
Size: 512B - Virtual size: 52B

.data
Size: 512B - Virtual size: 340B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 26B