fa20467c9436036a629e557e2eb4f404_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa20467c9436036a629e557e2eb4f404_JaffaCakes118
Size

31KB
MD5

fa20467c9436036a629e557e2eb4f404
SHA1

37a112698aeacfb7c7477aec57a1bb134d4f964c
SHA256

47a00902702b95bcccced3b8e4449c4dc6f91a8c9887f49735cce2d498353970
SHA512

a752ccc86c5aef3e0f3678a1d478dfb2e041eb9f134706d4c84046e717c376a7b97c2743d5815fa763c8d2c2df8a16b631a7b41badacd05baabea698a46a3450
SSDEEP

768:TBFz8GF2vA6ZjZ0ucYj67fXgMqkwAv74OcCG0moO6yjalm7fG79FKT6vkowD:TBVzIA6ZjZkfG0m/jwCfG79y6WD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa20467c9436036a629e557e2eb4f404_JaffaCakes118

Files

fa20467c9436036a629e557e2eb4f404_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6434c37184db32c329398e9e8ef2b31d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ExfInterlockedInsertTailList
IoGetDeviceObjectPointer
KeClearEvent
ExfInterlockedRemoveHeadList
_allmul
KeInitializeEvent
InterlockedIncrement
KeQuerySystemTime
_allrem
_alldiv
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
IoCreateNotificationEvent
IofCallDriver
IoBuildDeviceIoControlRequest
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
ExFreePool
ZwClose
KeInitializeSpinLock
IoDeleteSymbolicLink
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
ExAllocatePoolWithTag
ZwOpenKey
ZwEnumerateKey
DbgPrint
MmMapLockedPages
InterlockedExchange
RtlInitUnicodeString
InterlockedExchangeAdd

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisUnchainBufferAtFront
NdisFreePacket
NdisCloseAdapter
NdisFreePacketPool
NdisAllocatePacketPool
NdisInitializeEvent
NdisOpenAdapter
NdisSetEvent
NdisResetEvent
NdisWaitEvent
NdisSystemProcessorCount
NdisRegisterProtocol
NdisDeregisterProtocol
NdisAllocatePacket

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 736B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6434c37184db32c329398e9e8ef2b31d

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 736B - Virtual size: 718B

.data Size: 320B - Virtual size: 292B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 736B - Virtual size: 718B

.data
Size: 320B - Virtual size: 292B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB