de66559c4594c488ae2bec3d3dd148d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de66559c4594c488ae2bec3d3dd148d5_JaffaCakes118
Size

145KB
MD5

de66559c4594c488ae2bec3d3dd148d5
SHA1

d9b7422027758e71bdaf6289322636cae4db3b56
SHA256

fa2c983acb5871f29ec62a39032534e3ceec4ed341959b3dfd0cb7a5ff5ae54c
SHA512

1cc7579fbed4893d11a86f29e57a86fc76a8b9a73db2a48918c445903e92c3ca5a21b8ca46e704c0403a303ab7d065030bc386f461afc39256982f5246afde68
SSDEEP

3072:aspHNM42bblVikrAffhHk20/csxhl4GlVXuBAWKsgC4rKJ:VtM4KbTikcffhHk20/t2uKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de66559c4594c488ae2bec3d3dd148d5_JaffaCakes118

Files

de66559c4594c488ae2bec3d3dd148d5_JaffaCakes118
.sys windows:6 windows x86 arch:x86

32c5874e5a1f8bc36b2e05a99431435e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pci.pdb

Imports

ntoskrnl.exe

RtlFindRange
KeLeaveCriticalRegion
KeSetEvent
KeWaitForSingleObject
KeEnterCriticalRegion
PoUnregisterPowerSettingCallback
IoGetDeviceProperty
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
PoRegisterPowerSettingCallback
_allmul
RtlFindClosestEncodableLength
RtlIoEncodeMemIoResource
memcpy
ZwSetValueKey
ZwDeleteKey
RtlEqualUnicodeString
ZwCreateKey
RtlIntegerToUnicodeString
ZwClose
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
RtlAreBitsClear
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
IoInitializeRemoveLockEx
KeInitializeEvent
IoCreateDevice
RtlFindLongestRunClear
RtlFindSetBits
RtlSetBit
RtlClearBits
IofCallDriver
KeFlushQueuedDpcs
IoReleaseRemoveLockAndWaitEx
_aullrem
IofCompleteRequest
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
KeBugCheckEx
IoGetDmaAdapter
ObfDereferenceObject
VfFailDeviceNode
IoOpenDeviceRegistryKey
RtlInitUnicodeString
MmUnmapIoSpace
PoSetPowerState
KeQueryActiveProcessorCount
KdEnableDebugger
KeIpiGenericCall
KdDisableDebugger
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
PoSetSystemWake
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PoGetSystemWake
IoReleaseCancelSpinLock
RtlIsRangeAvailable
EmClientQueryRuleState
ExUnregisterCallback
ExfInterlockedInsertTailList
ExRegisterCallback
ExCreateCallback
KeInitializeDpc
WheaAddErrorSource
HalDispatchTable
_allshl
EmProviderRegister
EmProviderDeregister
EmClientRuleEvaluate
InitSafeBootMode
ExIsProcessorFeaturePresent
ZwEnumerateValueKey
ZwQueryKey
KeCancelTimer
IoRequestDeviceEjectEx
KeSetTimer
KeInitializeTimer
RtlFindMessage
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlFindLeastSignificantBit
NtQuerySystemInformation
ZwOpenKey
RtlCopyUnicodeString
RtlFindMostSignificantBit
WRITE_REGISTER_BUFFER_ULONG
RtlQueryRegistryValues
READ_REGISTER_BUFFER_ULONG
WheaReportHwError
WheaGetErrorSource
KeClearEvent
IoDisconnectInterruptEx
IoConnectInterruptEx
KeInsertQueueDpc
KeSynchronizeExecution
PsTerminateSystemThread
KeWaitForMultipleObjects
ExfInterlockedRemoveHeadList
HalPrivateDispatchTable
IoAssignResources
IoSetDevicePropertyData
IoGetDevicePropertyData
MmMapIoSpace
ObReferenceObjectByHandle
PsCreateSystemThread
WheaRegisterErrSrcInitializer
RtlCmEncodeMemIoResource
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
IoBuildDeviceIoControlRequest
ZwQueryValueKey
IoUnregisterPlugPlayNotification
VfFailSystemBIOS
IoRegisterPlugPlayNotification
VfIsVerificationEnabled
KeTickCount
RtlUnwind
RtlGetFirstRange
RtlGetNextRange
memset
ExAllocatePoolWithTag
_vsnwprintf
_aulldiv
RtlIoDecodeMemIoResource
RtlCmDecodeMemIoResource
RtlInitializeRangeList
RtlAddRange
RtlInvertRangeList
RtlFreeRangeList
IoInvalidateDeviceRelations
ExFreePoolWithTag
RtlDeleteOwnersRanges
RtlCopyRangeList
RtlDeleteRange
_wcsicmp

hal

KeAcquireInStackQueuedSpinLock
KfReleaseSpinLock
HalGetBusDataByOffset
HalGetMessageRoutingInfo
HalGetInterruptTargetInformation
KeStallExecutionProcessor
KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
HalTranslateBusAddress
KfAcquireSpinLock

pshed

PshedGetErrorSourceInfo
PshedRetrieveErrorInfo

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32c5874e5a1f8bc36b2e05a99431435e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

pshed

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

PAGE Size: 70KB - Virtual size: 70KB

PAGEKD Size: 1KB - Virtual size: 1KB

INIT Size: 8KB - Virtual size: 7KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

PAGE
Size: 70KB - Virtual size: 70KB

PAGEKD
Size: 1KB - Virtual size: 1KB

INIT
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB