eab3278a2489ff4cef59238d90fdd8c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eab3278a2489ff4cef59238d90fdd8c9_JaffaCakes118
Size

560KB
MD5

eab3278a2489ff4cef59238d90fdd8c9
SHA1

40ac1beaad116b02d34ebd261e6886de7d001372
SHA256

0c8f58d43085b0e300ccc49f438543aec980d91573e7bf2b76142fcd7e850c8e
SHA512

aa25b3ceee10f600ee541df1d6e964f5f16e4c1b2842bbe132f2f01c6d9a66012d7c1c785eb8c8a3af8fafced7ff204ce5e516312b0c19b7065b072c30fb79a4
SSDEEP

12288:01t3pVWo4WPUOjFDQhHeUClWFKGN57prp/Oo+V6TDXOI:0dpVWo4WsOjNQBeUC+NN57prp/GVY+I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eab3278a2489ff4cef59238d90fdd8c9_JaffaCakes118

Files

eab3278a2489ff4cef59238d90fdd8c9_JaffaCakes118
.sys windows:6 windows x86 arch:x86

e2469601c5da84886f0806bd0365dfff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\gpkbuild\src\client\driver\objfre_wxp_x86\i386\GameProt.pdb

Imports

ntoskrnl.exe

ord44790
ord44810
ord44838
ord44852
ord44872
ord44892
ord44904
ord44924
ord44948
ord44970
ord44992
ord45016
ord45040
ord45052
ord45076
ord45104
ord45132
ord45148
ord45182
ord45206
ord45234
ord45266
ord45286
ord45302
ord45334
ord45356
ord45384
ord45410
ord45436
ord45460
ord45470
ord45494
ord45504
ord45516
ord45526
ord45546
ord45578
ord45594
ord44768
ord45648
ord45664
ord45680
ord45712
ord45734
ord45750
ord45766
ord45792
ord45818
ord45834
ord45854
ord45864
ord45878
ord45906
ord45922
ord45934
ord45962
ord45978
ord46002
ord46022
ord46032
ord46046
ord46066
ord46092
ord46118
ord46148
ord46182
ord46206
ord46228
ord46252
ord46286
ord46304
ord46328
ord46346
ord46370
ord46388
ord46400
ord46426
ord44756
ord44732
ord44710
ord44688
ord44678
ord44656
ord44626
ord45624
ord44596
ord46580

hal

ord46524
ord46504
ord46484
ord46470
ord46456
ord46544

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2469601c5da84886f0806bd0365dfff

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 8KB - Virtual size: 8KB

.data0 Size: 5KB - Virtual size: 5KB

.data1 Size: 481KB - Virtual size: 481KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 8KB - Virtual size: 8KB

.data0
Size: 5KB - Virtual size: 5KB

.data1
Size: 481KB - Virtual size: 481KB

.reloc
Size: 7KB - Virtual size: 7KB