dfedff2ed06e9b55fdbabb5a7d5fd5f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfedff2ed06e9b55fdbabb5a7d5fd5f9_JaffaCakes118
Size

22KB
MD5

dfedff2ed06e9b55fdbabb5a7d5fd5f9
SHA1

87f8584e12df9823cff5b353d1e3ab25d4d94072
SHA256

d2c295703ac94312662ea4fcd90ecbc66fb34da8b4111b1a353b583e3344296b
SHA512

7ac490fc62809b04440f6a5dd7df75d05f708e1790f7690dd51cfec94dca998f7394b252f760aef9bb2d37d166209931a0fc708ce5907831d439eab9ec44a4b8
SSDEEP

384:6XdmevD5vWP2GW96YLbSa9+7R77LYtFIXTEqChWFMAP0ez+EteBVAWP2GW9:+U2bv476tFIPCmMAc2+RVh2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfedff2ed06e9b55fdbabb5a7d5fd5f9_JaffaCakes118

Files

dfedff2ed06e9b55fdbabb5a7d5fd5f9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

80ceafa87487c2a1e5e0a913df0055d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mspclock.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
IofCompleteRequest
ExFreePool
KeInitializeEvent
ExAllocatePoolWithTag
KeTickCount

ks.sys

KsiDefaultClockAddMarkEvent
KsiPropertyDefaultClockGetFunctionTable
KsiPropertyDefaultClockGetState
KsiPropertyDefaultClockGetResolution
KsiPropertyDefaultClockGetCorrelatedPhysicalTime
KsiPropertyDefaultClockGetCorrelatedTime
KsiPropertyDefaultClockGetPhysicalTime
KsiPropertyDefaultClockGetTime
KsSetDevicePnpAndBaseObject
KsAllocateDeviceHeader
KsSetDefaultClockTime
KsSetDefaultClockState
KsDereferenceSoftwareBusObject
KsAllocateObjectHeader
KsAllocateDefaultClock
KsReferenceSoftwareBusObject
KsFreeObjectHeader
KsFreeDefaultClock
KsFreeEventList
KsPropertyHandler
KsEnableEvent
KsDisableEvent
KsNullDriverUnload
KsSetMajorFunctionHandler
KsDefaultForwardIrp
KsDefaultDispatchPower
KsDefaultDispatchPnp

Sections

.text
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hbyh
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80ceafa87487c2a1e5e0a913df0055d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ks.sys

Sections

.text Size: 128B - Virtual size: 96B

.data Size: 128B - Virtual size: 8B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.hbyh Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 256B - Virtual size: 240B

.text
Size: 128B - Virtual size: 96B

.data
Size: 128B - Virtual size: 8B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.hbyh
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 256B - Virtual size: 240B