eb824a12284820448107087639618a4b_JaffaCakes118

General

Target

eb824a12284820448107087639618a4b_JaffaCakes118
Size

745KB
MD5

eb824a12284820448107087639618a4b
SHA1

a8d8f1743463f119056c028cd88ee7b9996260eb
SHA256

43d728cb3ceb6c3a9d53568deb6aa7c0c0a3d225157c549e74c07751c1f5eee1
SHA512

3d98a196a9f9c75f24274344c1c8b173fe0cd38ce87f25072084d89fe2903b316f7fc7d734bca06d4c274566adcbfcf38dbe59b734a1e40a27dc58b5096a7c06
SSDEEP

12288:IEi6G8EMUvkvUHyHqUFvY17Db7gmOUhQ8+/v7yN1GkSdHa3VtfOmUQtpJ6ar/+k8:Xi6G8E1vH1UFv+b7GOQpX7GoXVaF5bJ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb824a12284820448107087639618a4b_JaffaCakes118

Files

eb824a12284820448107087639618a4b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3e48a0c4b4bad5489661ca916d22f99e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
KeInitializeEvent
KeSetEvent
IofCallDriver
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
IoFreeIrp
ObfDereferenceObject
IoDetachDevice
RtlFreeUnicodeString
IoAllocateIrp
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoQueueWorkItem
IoAllocateMdl
KeInitializeTimer
KeSetTimer
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
ZwSetValueKey
PoRequestPowerIrp
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteSymbolicLink
_vsnwprintf
RtlUnicodeStringToAnsiString
KeResetEvent
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
IoCreateSymbolicLink
IoGetAttachedDeviceReference
KeSetTimerEx
ExInitializeNPagedLookasideList
ZwCreateFile
RtlWriteRegistryValue
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
ZwQuerySystemInformation

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e48a0c4b4bad5489661ca916d22f99e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 224B

.data Size: 14KB - Virtual size: 13KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 224B

.data
Size: 14KB - Virtual size: 13KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 412KB - Virtual size: 411KB