ea495f1b44ad17c50b554440dcd35245_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea495f1b44ad17c50b554440dcd35245_JaffaCakes118
Size

39KB
MD5

ea495f1b44ad17c50b554440dcd35245
SHA1

65d2f8b468b1d1ae3cb1dd4e2a5217410cbf85a9
SHA256

a8159fbe348271d4977565f6156d4b4efd77f2e13f5a86f8310f1bc1c60ab442
SHA512

094ae4141ea318540e286e624d902755d8928777dd7f2c3175abdcf4363090a806e073bb7bc10ed28a429f91e53684ba5913505cca66d775f509001e37b02e4a
SSDEEP

768:/B3aqSuJvkAWEqymmI4mJTDx7I3aOUWpxYOLdcen1Sf6s:/BJSmvkxy3PQd72UWXYmdcv6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea495f1b44ad17c50b554440dcd35245_JaffaCakes118

Files

ea495f1b44ad17c50b554440dcd35245_JaffaCakes118
.sys windows:4 windows x86 arch:x86

dddf747f8de4631e14e8b624e34878b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRegisterDriverReinitialization
ZwClose
PsCreateSystemThread
RtlCopyUnicodeString
MmIsAddressValid
IofCompleteRequest
wcslen
swprintf
wcscat
wcscpy
RtlInitUnicodeString
_wcsnicmp
ObfDereferenceObject
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
RtlCompareUnicodeString
ZwDeleteKey
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
ZwCreateKey
wcsncpy
wcsrchr
_wcsicmp
strncpy
PsLookupProcessByProcessId
_stricmp
ObReferenceObjectByHandle
wcsstr
_wcslwr
IoGetCurrentProcess
ZwCreateFile
strncmp
PsGetVersion
KeTickCount
KeQueryTimeIncrement
ZwSetInformationFile
_snwprintf
wcschr
MmGetSystemRoutineAddress

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 68B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dddf747f8de4631e14e8b624e34878b3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 6KB

PAGE Size: 96B - Virtual size: 68B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 736B - Virtual size: 712B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 6KB

PAGE
Size: 96B - Virtual size: 68B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 736B - Virtual size: 712B

.reloc
Size: 1KB - Virtual size: 1KB