fa78f56836d1030e0c9ec86e5d73f076_JaffaCakes118

General

Target

fa78f56836d1030e0c9ec86e5d73f076_JaffaCakes118
Size

29KB
MD5

fa78f56836d1030e0c9ec86e5d73f076
SHA1

b710d562094a97140121a8a757f2735b65e63d69
SHA256

887de2896b5a0688a7a7776443e00f7704b20bf9728e8cde9acf3de15236b4da
SHA512

8fe8ed8aec366df11fde46ccc4889f1bbc11dd8683f6f71afa96b326fe1715917a7214b69d1c169a60faae0368a067b140111fd92ed9cb7890c6e50513b0c7b3
SSDEEP

384:ZNIZm6o3nbUkgtCTiXmiKHiaRnVD1vew1wBNShijdW+O1Q3uLAmi9ZlPtJ:ZKZmrnb9iraRnVyNS85W+TeviR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa78f56836d1030e0c9ec86e5d73f076_JaffaCakes118

Files

fa78f56836d1030e0c9ec86e5d73f076_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e2cfa2651221e15521a6f4bd290ac0d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
ExRaiseAccessViolation
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
KeSetEvent
KeInitializeEvent
NtOpenThreadToken
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
RtlCompareString
ZwSetInformationFile
ZwUnloadDriver
ZwMakeTemporaryObject
ZwEnumerateValueKey
ZwClose
KeWaitForSingleObject
ZwFlushKey
ZwCancelTimer
ExRaiseDatatypeMisalignment
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_AllocVMemory@4
_ReleaseVMemory@0

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2cfa2651221e15521a6f4bd290ac0d9

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 348B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1024B - Virtual size: 1000B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 202B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 348B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 202B