fb7af67995da5c185ff17812c5d9aa11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb7af67995da5c185ff17812c5d9aa11_JaffaCakes118
Size

736KB
MD5

fb7af67995da5c185ff17812c5d9aa11
SHA1

93ab823caa9ad0d4ed8b937f132db5af722cb954
SHA256

26b751656c3af018b71eae10f40f8ebbd1cc4edfe00b61c8f45001d9ff92c6f3
SHA512

2c54caa813ae48548f577c757b3d0393793b169e895a22f8d7cbd2bdb4493225d05b8ade4756dc4b5c2afa0577a8be9f77782658490601f5d72db0b6ee6c1ac3
SSDEEP

12288:otzk7mnA7NDEpsQ6+UneMevtg5/Latm/jbE1J/vljZO+VCuF3Hp8ScS2OshYhoYE:Y8N0Un3P5/+Ijg1Bv9ZO+V7F3JcOshY/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb7af67995da5c185ff17812c5d9aa11_JaffaCakes118

Files

fb7af67995da5c185ff17812c5d9aa11_JaffaCakes118
.sys windows:4 windows x86 arch:x86

b4275474ea41dead729a69edf82eab87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
KeInitializeEvent
IofCallDriver
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
ObfDereferenceObject
IoDetachDevice
RtlFreeUnicodeString
MmMapLockedPagesSpecifyCache
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
KeCancelTimer
ExFreePool
IoQueueWorkItem
KeInitializeTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
KeClearEvent
ObReferenceObjectByHandle
PoSetPowerState
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
PsCreateSystemThread
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
PsTerminateSystemThread
IoWMIWriteEvent
RtlInitAnsiString
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
RtlIntegerToUnicodeString
KeSetTimerEx
ExDeleteNPagedLookasideList
IoAcquireCancelSpinLock
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
IoGetDeviceObjectPointer

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4275474ea41dead729a69edf82eab87

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 512B - Virtual size: 264B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 401KB - Virtual size: 401KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 512B - Virtual size: 264B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 401KB - Virtual size: 401KB