d5817e142a43698d77b519b3b84823cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5817e142a43698d77b519b3b84823cf_JaffaCakes118
Size

227KB
MD5

d5817e142a43698d77b519b3b84823cf
SHA1

d719508302059955c4045fe9b0259123abadb9d8
SHA256

42db1cc3b99e385dda20a77570145517a012313dda4cec9a149d7dd4380af2ee
SHA512

b9373f4a8b81a307903d71f01839f2ac59daf523ebc975f5f7f62d97b0de9e2547a40bbe2e73d61e46590fc0d8fee77f4d4701732a11f2e7025c9dbfdd124e82
SSDEEP

6144:m/LVgESmAiMUkiBP1qHjWMcZdEvXtWOc:m/LVgEGnUkCNyWMcZgHc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5817e142a43698d77b519b3b84823cf_JaffaCakes118

Files

d5817e142a43698d77b519b3b84823cf_JaffaCakes118
.sys windows:5 windows x86 arch:x86

12eacf8602c7de5ad0493e8bb5fe9887

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoInvalidateDeviceRelations
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
KeInitializeEvent
IoCreateDevice
IoSetDeviceInterfaceState
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoRequestDeviceEject
KeWaitForSingleObject
IofCallDriver
ObfReferenceObject
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
swprintf
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
ZwClose
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
KeTickCount
KeBugCheckEx
KeClearEvent
IoDetachDevice
ExFreePoolWithTag

hal

ExReleaseFastMutex
ExAcquireFastMutex

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 768B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12eacf8602c7de5ad0493e8bb5fe9887

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 313B

.data Size: 1KB - Virtual size: 1KB

PAGE Size: 7KB - Virtual size: 6KB

INIT Size: 1KB - Virtual size: 1KB

.UPX0 Size: 768B - Virtual size: 738B

.UPX1 Size: 212KB - Virtual size: 211KB

.reloc Size: 512B - Virtual size: 472B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 313B

.data
Size: 1KB - Virtual size: 1KB

PAGE
Size: 7KB - Virtual size: 6KB

INIT
Size: 1KB - Virtual size: 1KB

.UPX0
Size: 768B - Virtual size: 738B

.UPX1
Size: 212KB - Virtual size: 211KB

.reloc
Size: 512B - Virtual size: 472B