d22fb95848b5e2508dbec3241538c1fd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d22fb95848b5e2508dbec3241538c1fd_JaffaCakes118
Size

723KB
MD5

d22fb95848b5e2508dbec3241538c1fd
SHA1

0785af02072b1640a7eef01d679152f459dc4022
SHA256

abe9020e9601ef292a8910fc5a7137ccd972b478c2d96e1d8aecc10047de3ec7
SHA512

1fbee291b3126579f5745a70c94dbb619e885748c41fa04dfb1f916e36d5b77514bb349b6b15488f8c7b184dcaf8f47af9740c7febcfe58f706a1ddfff39e7ec
SSDEEP

12288:JdZZ513fCiYe04LHBjSOHwxvbZjw8u5y3EF5n1EMco5BYAhrpp1alPASXgOY/0:J951Ns4rgOovbqF5IEjK2IcgYSwOY/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d22fb95848b5e2508dbec3241538c1fd_JaffaCakes118

Files

d22fb95848b5e2508dbec3241538c1fd_JaffaCakes118
.sys windows:4 windows x86 arch:x86

76cb512370280b75cd45d45b40ca075f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeWaitForSingleObject
KeInitializeEvent
IofCallDriver
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ObfDereferenceObject
PoStartNextPowerIrp
IoAllocateIrp
MmMapLockedPagesSpecifyCache
ZwOpenKey
IoOpenDeviceRegistryKey
ExFreePool
KeInitializeTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeClearEvent
KeSetTimer
IoCancelIrp
PoSetPowerState
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
DbgPrint
RtlInitAnsiString
IoAllocateErrorLogEntry
IoDeleteSymbolicLink
MmUnmapIoSpace
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
MmMapIoSpace
IoReleaseRemoveLockEx
KeQueryTimeIncrement
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
KeSetTimerEx
ExDeleteNPagedLookasideList
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
IoInvalidateDeviceRelations
KeSetPriorityThread
KeRemoveQueueDpc
ZwQuerySystemInformation
ExAllocatePoolWithTag

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76cb512370280b75cd45d45b40ca075f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 318KB - Virtual size: 318KB

.rdata Size: 512B - Virtual size: 232B

.data Size: 14KB - Virtual size: 13KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 385KB - Virtual size: 385KB

.text
Size: 318KB - Virtual size: 318KB

.rdata
Size: 512B - Virtual size: 232B

.data
Size: 14KB - Virtual size: 13KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 385KB - Virtual size: 385KB