d0c5d0322e78314f7a82db5f1cae0856_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0c5d0322e78314f7a82db5f1cae0856_JaffaCakes118
Size

47KB
MD5

d0c5d0322e78314f7a82db5f1cae0856
SHA1

53cc0653a33c63db69f84e591c621dece2b91a3e
SHA256

752c43effe8bf8366dffe67af186febbe84db2740a7b444b41d5174bf028c007
SHA512

6cd987ce43c1dd7c9159009ffff0728e6859406fa4c1726b5c93d75118bf9212607429bf944bbaeb3e593111548dd795ba023efe92aa335981ccc2f291dc316c
SSDEEP

384:WVOpVmTYx/WzJk12PBOQCh3c8Ihuz95u+ns4aJoBJd2diOmdu:WVcN4OFM8tm4aJoBzQKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0c5d0322e78314f7a82db5f1cae0856_JaffaCakes118

Files

d0c5d0322e78314f7a82db5f1cae0856_JaffaCakes118
.sys windows:4 windows x86 arch:x86

00f2753fba5dceefc01c25cd43f9a20a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
RtlSetTimeZoneInformation
ZwUnloadKey
KdPollBreakIn
Exfi386InterlockedDecrementLong
RtlDecompressFragment
FsRtlRemoveLargeMcbEntry
NtReadFile
ZwResetEvent
CcScheduleReadAhead
ZwSetSystemTime
KeI386FlatToGdtSelector
RtlLargeIntegerShiftLeft
ExEventObjectType
RtlCreateRegistryKey
MmMapLockedPages
InterlockedCompareExchange
KdPollBreakIn
KiIpiServiceRoutine
ObCreateObject
PsEstablishWin32Callouts
IoStartPacket
NtQuerySecurityObject
FsRtlInitializeTunnelCache
ZwOpenProcess
ExQueueWorkItem
SeAccessCheck
ExReleaseResourceForThreadLite
SePrivilegeCheck
RtlLargeIntegerArithmeticShift
vsprintf
IoInitializeIrp
RtlUshortByteSwap
KeInitializeMutex
SeReleaseSecurityDescriptor
FsRtlLookupLargeMcbEntry
MmProbeAndLockPages
IoCreateNotificationEvent
SeFreePrivileges
_strset
IoCreateSynchronizationEvent
IoIsSystemThread
KeInsertQueueApc
RtlTimeToSecondsSince1970
KeSetTimeIncrement
IoStartNextPacket
KeSetTimer
towlower
RtlUnicodeStringToOemSize
FsRtlInitializeTunnelCache
PsChargePoolQuota
ZwCreateSection
RtlGetAce
FsRtlMdlReadComplete
ExfInterlockedPopEntryList
RtlNtStatusToDosError
KeInitializeMutant
IoSetThreadHardErrorMode
ZwSetSystemTime
RtlGetFirstRange
FsRtlNotifyFullReportChange
RtlEqualString
IofCallDriver
RtlCopyRangeList
RtlFindMessage
KeStackAttachProcess
IoFreeIrp
SeRegisterLogonSessionTerminatedRoutine
NtNotifyChangeDirectoryFile
RtlTimeToTimeFields
ExAcquireSharedStarveExclusive
RtlAreAllAccessesGranted
KeInitializeSemaphore
MmSetAddressRangeModified
KeInsertHeadQueue
NtQueryDirectoryFile
NtAllocateVirtualMemory

hal

HalAllocateCommonBuffer
IoFreeMapRegisters
WRITE_PORT_BUFFER_ULONG
HalGetEnvironmentVariable
HalSetEnvironmentVariable
HalSystemVectorDispatchEntry
IoMapTransfer
HalMakeBeep
IoWritePartitionTable
READ_PORT_BUFFER_USHORT
IoReadPartitionTable
WRITE_PORT_UCHAR
HalReadDmaCounter
HalClearSoftwareInterrupt
HalSetBusData
WRITE_PORT_ULONG
HalReadDmaCounter
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalMakeBeep
KfReleaseSpinLock
HalRequestIpi
WRITE_PORT_BUFFER_UCHAR
KeGetCurrentIrql
KeAcquireQueuedSpinLockRaiseToSynch
HalInitSystem
HalAcquireDisplayOwnership
IoFreeMapRegisters
KeLowerIrql
WRITE_PORT_ULONG
HalReturnToFirmware
IoFreeMapRegisters
KeStallExecutionProcessor
IoFreeMapRegisters
WRITE_PORT_UCHAR
KfRaiseIrql
IoSetPartitionInformation
HalHandleNMI
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
HalAllocateCrashDumpRegisters
HalAllocateCrashDumpRegisters
HalInitSystem
READ_PORT_BUFFER_UCHAR
KeGetCurrentIrql
IoFlushAdapterBuffers
HalSetBusDataByOffset
KeReleaseQueuedSpinLock
KeReleaseSpinLock
HalReportResourceUsage
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetBusData
HalQueryRealTimeClock
READ_PORT_ULONG
READ_PORT_ULONG
HalSetBusDataByOffset
HalSetTimeIncrement
HalCalibratePerformanceCounter
HalGetBusDataByOffset
HalSetTimeIncrement
HalInitializeProcessor
KfRaiseIrql
READ_PORT_USHORT
HalHandleNMI
HalMakeBeep
READ_PORT_UCHAR
HalAssignSlotResources
HalQueryRealTimeClock
ExReleaseFastMutex
HalAssignSlotResources
HalReturnToFirmware
IoReadPartitionTable
HalAllocateAdapterChannel

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00f2753fba5dceefc01c25cd43f9a20a

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 40KB - Virtual size: 40KB

INIT Size: 128B - Virtual size: 128B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 32B - Virtual size: 32B

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

INIT
Size: 128B - Virtual size: 128B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32B - Virtual size: 32B

.rdata
Size: 4KB - Virtual size: 4KB