dfa2a2a3b5f0dd78290717ee1fd66db6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfa2a2a3b5f0dd78290717ee1fd66db6_JaffaCakes118
Size

22KB
MD5

dfa2a2a3b5f0dd78290717ee1fd66db6
SHA1

6b990c3ed6443dce29f243b261043e2ade52831d
SHA256

407a4285f836aaf068626187644fe56d84822e658f71f774fe601ed2ce49043e
SHA512

177cc54d0e56c539453a7db85513a0be9bfa400553a046e4115319d1485478cb92844ed441bf115c94ab95a494887c9c5a572a978198fff190a4d14e67e2b782
SSDEEP

384:HaEX+Jh4wRLgTMkX1f5Iz4FjBXsWFW58jkW1ySfyCPiFd23zt2o5PXMU/buQpITb:6EXliLRkLIK+W5j7fDP1MU/ai8Xj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfa2a2a3b5f0dd78290717ee1fd66db6_JaffaCakes118

Files

dfa2a2a3b5f0dd78290717ee1fd66db6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5cbd5f34785a4053b0ab3f8d001419a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

irenum.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
wcscat
wcscpy
wcslen
ObfReferenceObject
ExAllocatePoolWithTag
ZwClose
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
PoStartNextPowerIrp
ExFreePoolWithTag
IofCallDriver
MmUnlockPagableImageSection
MmLockPagableDataSection
DbgBreakPoint
RtlQueryRegistryValues
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDetachDevice
DbgPrint
PoCallDriver
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlAppendUnicodeToString
sprintf
ObfDereferenceObject
IoInvalidateDeviceRelations
wcscmp
PsTerminateSystemThread
KeCancelTimer
KeResetEvent
KeWaitForMultipleObjects
KeSetTimer
KeClearEvent
ObReferenceObjectByHandle
PsCreateSystemThread
IoCreateNotificationEvent
KeInitializeTimerEx
KeTickCount
KeBugCheckEx
ZwCreateFile
ZwWaitForSingleObject
ZwDeviceIoControlFile

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 287B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.daix
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cbd5f34785a4053b0ab3f8d001419a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 384B - Virtual size: 287B

.data Size: 128B - Virtual size: 40B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.daix Size: 11KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 640B - Virtual size: 566B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 384B - Virtual size: 287B

.data
Size: 128B - Virtual size: 40B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.daix
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 640B - Virtual size: 566B