ce8a3b96c15842477e7a4688f7a52453_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce8a3b96c15842477e7a4688f7a52453_JaffaCakes118
Size

127KB
MD5

ce8a3b96c15842477e7a4688f7a52453
SHA1

0b07ae1787e9e17626a3d899c6442a606ba5982a
SHA256

4a0ee8d167c753cd08ba1dae99fc3fcc9703a7db204d108a98a107132780ee9a
SHA512

91c83627680ec3ec506166273bcb5d9df832f424f5bc6ab3826c984d7b90cbc4b06043e4684a0526df4b26bf4e33d81fb56c275780529ed06d23fc9d433125ee
SSDEEP

3072:glyT24dP7+0cjYHwEMi5YQK2iXjhwlHfuSHXdEV9o3lBK5Gnd6iwzuMt:glyq4sjMh7K2QtUWSHX2S3lBK5Drz5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce8a3b96c15842477e7a4688f7a52453_JaffaCakes118

Files

ce8a3b96c15842477e7a4688f7a52453_JaffaCakes118
.sys windows:5 windows x86 arch:x86

98684137c98ef6f9b864a937508bcef2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoDeleteDevice
KeSetEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
IoCreateDevice
RtlFreeUnicodeString
PsCreateSystemThread
KeInitializeSpinLock
KeQuerySystemTime
strncpy
strncmp
MmIsAddressValid
MmUnlockPages
ObReferenceObjectByName
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
KeInitializeEvent
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ZwQuerySystemInformation
ZwClose
ExAllocatePool
ExFreePool
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwOpenDirectoryObject
ZwQueryValueKey
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
ExSystemTimeToLocalTime
toupper
isspace
RtlAnsiStringToUnicodeString
tolower
RtlImageDirectoryEntryToData
strstr
memcpy
memset
_except_handler3
_allmul
_alldiv
_allrem

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

Sections

qs"L3.+:
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

s^'hEIIb
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nE%"$@^k
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

A@6ZX1/d
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ao5e/<(h
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

E]4P-w#:
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

(r?k$&RU
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!';N]uU
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98684137c98ef6f9b864a937508bcef2

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

qs"L3.+: Size: - Virtual size: 134KB

s^'hEIIb Size: - Virtual size: 18KB

nE%"$@^k Size: - Virtual size: 25KB

A@6ZX1/d Size: - Virtual size: 1KB

ao5e/<(h Size: - Virtual size: 8KB

E]4P-w#: Size: - Virtual size: 12KB

(r?k$&RU Size: 125KB - Virtual size: 125KB

.!';N]uU Size: 512B - Virtual size: 116B

qs"L3.+:
Size: - Virtual size: 134KB

s^'hEIIb
Size: - Virtual size: 18KB

nE%"$@^k
Size: - Virtual size: 25KB

A@6ZX1/d
Size: - Virtual size: 1KB

ao5e/<(h
Size: - Virtual size: 8KB

E]4P-w#:
Size: - Virtual size: 12KB

(r?k$&RU
Size: 125KB - Virtual size: 125KB

.!';N]uU
Size: 512B - Virtual size: 116B