cfc05f6d5e2a41bec35340c63a681520_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfc05f6d5e2a41bec35340c63a681520_JaffaCakes118
Size

131KB
MD5

cfc05f6d5e2a41bec35340c63a681520
SHA1

f2849c7dd300df3015da7e38e18e105ae9ad6629
SHA256

5f9974867243168579302f567e0e52a60aecb3726d48d6870dd3f9cc95ee6780
SHA512

002b64e0ae4c9e32de7533643eaa2c8479ea05034c48dd1c2961065f077fceb74fbc781b4c4ba9a0149d5154c07a090123e32d712b4a42f3860c1591787158c5
SSDEEP

1536:Xadm2nrYjPsVcRpJHKO3w6vc986b4ZCgSJBIrzxEnU/hP8EdXNHiX8PLUfXm9M+5:XahEocTJU6vcOEgrpPLd9HiX4LUfXTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfc05f6d5e2a41bec35340c63a681520_JaffaCakes118

Files

cfc05f6d5e2a41bec35340c63a681520_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3fa7d2531060e943ca6be03d4f4bf20b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeInitializeSpinLock
RtlFreeAnsiString
RtlFreeUnicodeString
IoDeleteDevice
sprintf
KeSetEvent
PsCreateSystemThread
RtlUnicodeStringToAnsiString
ZwClose
IoCreateDevice
strncmp
strstr
KeQuerySystemTime
strncpy
MmIsAddressValid
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
tolower
ExAllocatePool
ObReferenceObjectByHandle
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
MmMapLockedPages
ZwOpenDirectoryObject
ZwQueryValueKey
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
KeTickCount
KeInitializeEvent
PsTerminateSystemThread
ZwDeleteKey
ZwFlushKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
isspace
toupper
RtlAnsiStringToUnicodeString
IofCompleteRequest
ExFreePool
memcpy
memset
_except_handler3
_allrem

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

UXl0%@uU
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

g5EW(Udp
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

&r'aik47
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxAIidpC
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

E#0HJBlf
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

I8-.fMr`
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

jT.Imwy^
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lGs?qc;.
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa7d2531060e943ca6be03d4f4bf20b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

UXl0%@uU Size: - Virtual size: 127KB

g5EW(Udp Size: - Virtual size: 16KB

&r'aik47 Size: - Virtual size: 24KB

gxAIidpC Size: - Virtual size: 2KB

E#0HJBlf Size: - Virtual size: 8KB

I8-.fMr` Size: - Virtual size: 18KB

jT.Imwy^ Size: 130KB - Virtual size: 129KB

lGs?qc;. Size: 512B - Virtual size: 108B

UXl0%@uU
Size: - Virtual size: 127KB

g5EW(Udp
Size: - Virtual size: 16KB

&r'aik47
Size: - Virtual size: 24KB

gxAIidpC
Size: - Virtual size: 2KB

E#0HJBlf
Size: - Virtual size: 8KB

I8-.fMr`
Size: - Virtual size: 18KB

jT.Imwy^
Size: 130KB - Virtual size: 129KB

lGs?qc;.
Size: 512B - Virtual size: 108B