ce1988c465e3f31429045498722e28a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce1988c465e3f31429045498722e28a4_JaffaCakes118
Size

749KB
MD5

ce1988c465e3f31429045498722e28a4
SHA1

71cca7bbaf94bec2fed0edf7c8d686d0c907732f
SHA256

05c7a4f7cba87dd2565ba342498d37616dc1be40a0835ce1c9ec3f8840f1050b
SHA512

3cfa2bf1694c5fa5a868d838e218e735ec6d0dce74927ccc45f9f786dcaea70b99c491afe9901ca1fcb27669898ebe444da1af30efac9d75ae6a78d8fd0a054e
SSDEEP

12288:pwwvUVByLwdzoH4lqDCMRKWL+L0EJuWNg1Fp0EZnSpk0Urj2mYrEtRRC8i/GQ/wv:l8yLwpoOqvoUEJuv17Okj+Itqb2l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce1988c465e3f31429045498722e28a4_JaffaCakes118

Files

ce1988c465e3f31429045498722e28a4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

49fddd00e42534644595fa881101b6a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
FsRtlLookupLargeMcbEntry
CcSetAdditionalCacheAttributes
SeAuditingFileEvents
MmIsAddressValid
PsThreadType
FsRtlIsFatDbcsLegal
PsEstablishWin32Callouts
_strlwr
SeAssignSecurity
KeSetKernelStackSwapEnable
_wcsicmp
PsSetLoadImageNotifyRoutine
NtSetInformationFile
RtlCopyLuid
MmUnlockPagableImageSection
IoRegisterPlugPlayNotification
isspace
NtWaitForSingleObject
PoRegisterDeviceNotify
IoGetRequestorProcessId
KeI386AllocateGdtSelectors
RtlCompressBuffer
KeReleaseSemaphore
MmUnmapLockedPages
ZwAlertThread
RtlMultiByteToUnicodeSize
KeDetachProcess
InterlockedIncrement
Exi386InterlockedDecrementLong
RtlGetOwnerSecurityDescriptor
ZwCreateEvent
FsRtlCheckOplock
RtlDescribeChunk
_strrev
IoQueryDeviceDescription
IoBuildAsynchronousFsdRequest
ObOpenObjectByName
RtlUnicodeStringToAnsiSize
IoCreateFile
IoDeleteDevice
InbvNotifyDisplayOwnershipLost
IoRegisterDeviceInterface
Mm64BitPhysicalAddress
NtQuerySecurityObject
RtlDecompressFragment
IoReadTransferCount
_snprintf
RtlFindSetBitsAndClear
FsRtlLegalAnsiCharacterArray
SeDeleteObjectAuditAlarm
RtlCheckRegistryKey
IoReportResourceForDetection
IoSetThreadHardErrorMode
FsRtlDeleteKeyFromTunnelCache
PsReferencePrimaryToken
RtlGetNtGlobalFlags

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49fddd00e42534644595fa881101b6a6

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 512B - Virtual size: 324B

.data Size: 9KB - Virtual size: 22KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 393KB - Virtual size: 393KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 512B - Virtual size: 324B

.data
Size: 9KB - Virtual size: 22KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 393KB - Virtual size: 393KB