ebb75f18ea6b285b373318377e127e1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebb75f18ea6b285b373318377e127e1d_JaffaCakes118
Size

822KB
MD5

ebb75f18ea6b285b373318377e127e1d
SHA1

bfb9fc32e2985c6cb07eba33adac2a09db952b80
SHA256

ad9cf0a78c078f126f4282c33021d2a48198c3f7c3ac797b20b50320ada88007
SHA512

a3d9aea32fca5521eb794dc1e1e558a64bcf4605db6f91f32090e37ac1ec05d3f8c465efa368b8ff7792f96536fad01d89585c1893d40fd097d470004d102e48
SSDEEP

12288:8c7c8r6Z81/MNO4OjQ5NnyMOkWbul8ONTx+NlauaEKrf4mFrAECmZYaYDw3TC:hmc/M4APOkWbuGOxEsi+XDYaYDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebb75f18ea6b285b373318377e127e1d_JaffaCakes118

Files

ebb75f18ea6b285b373318377e127e1d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f739c04df3289886d1519881391e8546

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
InbvNotifyDisplayOwnershipLost
NtCreateEvent
RtlUnicodeStringToOemString
RtlCompressBuffer
NlsOemLeadByteInfo
RtlTraceDatabaseFind
ZwOpenThread
PsGetVersion
IoIsOperationSynchronous
NtLockFile
RtlUnicodeToCustomCPN
IoAllocateDriverObjectExtension
IoCreateDevice
CcPurgeCacheSection
RtlExtendedMagicDivide
CcGetFileObjectFromSectionPtrs
RtlGetNtGlobalFlags
InbvEnableDisplayString
RtlGetSaclSecurityDescriptor
ZwEnumerateValueKey
RtlxOemStringToUnicodeSize
CcCopyWrite
_wcsrev
IoDeleteDevice
NtQueryInformationToken
IoCreateSymbolicLink
RtlAppendAsciizToString
RtlAreBitsSet
RtlSecondsSince1970ToTime
SeTokenType
RtlNtStatusToDosErrorNoTeb
RtlIntegerToChar
ExDisableResourceBoostLite
RtlLargeIntegerSubtract
PfxRemovePrefix
wcsspn
RtlUpcaseUnicodeToOemN
IoAssignResources
KeI386GetLid
RtlGenerate8dot3Name
ExInterlockedDecrementLong
KeInsertQueueDpc
ZwSetVolumeInformationFile
LsaLogonUser
CcMdlReadComplete
RtlAreAllAccessesGranted
KeReadStateMutex
PoUnregisterSystemState
IoAllocateErrorLogEntry
ZwQueryObject
IoCheckQuerySetFileInformation
CcFastCopyRead
MmMapViewInSessionSpace
RtlCompareString
ZwSetEaFile
RtlTimeToTimeFields
MmIsAddressValid
ExInterlockedInsertHeadList
IoCheckShareAccess

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f739c04df3289886d1519881391e8546

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 385KB - Virtual size: 385KB

.rdata Size: 512B - Virtual size: 282B

.data Size: 14KB - Virtual size: 22KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 419KB - Virtual size: 418KB

.text
Size: 385KB - Virtual size: 385KB

.rdata
Size: 512B - Virtual size: 282B

.data
Size: 14KB - Virtual size: 22KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 419KB - Virtual size: 418KB